Closed
Bug 1560353
Opened 5 years ago
Closed 5 years ago
Cert verification cache
Categories
(Core :: Security: PSM, enhancement, P1)
Tracking
()
RESOLVED
FIXED
mozilla71
| | Tracking | Status |
|---|---|---|
| firefox71 | --- | fixed |
People
(Reporter: dragana, Assigned: kershaw)
References
Details
(Whiteboard: [psm-assigned])
Attachments
(2 files)
No description provided.
Reporter
Updated•5 years ago
Type: defect → enhancement
Reporter
Updated•5 years ago
Assignee: nobody → dd.mozilla
Updated•5 years ago
Priority: -- → P1
Whiteboard: [psm-assigned]
Reporter
Comment 1•5 years ago
We want to remove the call to VerifySSLServerCert (in this line). For this we will need:
- use the TLS session cache implemented in necko instead of the one implemented in nss. Currently this cache is not used.
- we will extend that cache to add the information that the function RebuildVerifiedCertificateInformation gets from VerifySSLServerCert. (Background: when we have a session resumption, we do not call AuthenticationHook and the info about certs is not added to nsNSSSocketInfo; therefore we need to call VerifySSLServerCert to get this info, and this info is added to nsNSSSocketInfo in RebuildVerifiedCertificateInformation.)
- The TLS session cache contains a resumption token that can be used for the next session resumption; we need to add:
  - whether certificate validation was successful
  - evOidPolicy != SEC_OID_UNKNOWN
  - certificateTransparencyInfo
  - server certificate
  - certificate built chain

What we need is to call these lines with information from the case instead of calling VerifySSLServerCert.
The session that sets the resumption token gets the info above stored in nsNSSSocketInfo after certificate validation in lines.
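
A sketch of the design in comment 1, added here as an illustration and not taken from the patches on this bug: the verification results are stored beside the resumption token and used to rebuild the socket state on resumption. `TokenCache`, `CertInfo`, `SocketInfo`, `RebuildFromCache`, the "host:port" key and the single-use and expiry policy are all assumptions.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <utility>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Results of the full verification, stored beside the resumption token.
struct CertInfo {
  bool verified = false;          // certificate validation succeeded
  bool isEV = false;              // evOidPolicy != SEC_OID_UNKNOWN
  int ctStatus = 0;               // stand-in for certificateTransparencyInfo
  Bytes serverCert;               // server certificate (DER)
  std::vector<Bytes> builtChain;  // chain built by the verifier
};

struct Entry { Bytes token; CertInfo info; uint64_t expires = 0; };

class TokenCache {  // hypothetical; keyed by "host:port"
  std::map<std::string, Entry> entries_;
 public:
  // Full-handshake path: refuse to cache anything that did not verify.
  bool Put(const std::string& key, Bytes token, CertInfo info, uint64_t expires) {
    if (!info.verified || info.serverCert.empty() || token.empty()) return false;
    Entry e;
    e.token = std::move(token); e.info = std::move(info); e.expires = expires;
    entries_[key] = std::move(e);
    return true;
  }
  // Resumption path: token and results leave the cache together, one time only.
  bool Take(const std::string& key, uint64_t now, Entry& out) {
    auto it = entries_.find(key);
    if (it == entries_.end()) return false;
    out = std::move(it->second);
    entries_.erase(it);
    return now < out.expires;  // expired entry: caller does a full handshake
  }
};

// Stand-in for the state that nsNSSSocketInfo carries after verification.
struct SocketInfo { bool hasCertInfo = false; bool isEV = false; int ctStatus = 0; Bytes serverCert; std::vector<Bytes> chain; };

// On resumption, fill the socket state from the cache instead of re-verifying.
bool RebuildFromCache(const Entry& e, SocketInfo& s) {
  if (!e.info.verified) return false;
  s.isEV = e.info.isEV; s.ctStatus = e.info.ctStatus;
  s.serverCert = e.info.serverCert; s.chain = e.info.builtChain;
  s.hasCertInfo = true;
  return true;
}
```

When `Take` returns false (no entry, or an expired one), the caller has nothing to resume with and falls back to a full handshake with normal certificate verification.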
Assignee
Updated•5 years ago
Assignee: dd.mozilla → kershaw
Assignee
Comment 2•5 years ago
Assignee
Comment 3•5 years ago
Pushed by kjang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/73a76edb175f
Extend SSLTokensCache to store the result of VerifySSLServerCert r=dragana,keeler
https://hg.mozilla.org/integration/autoland/rev/f472f9a312c9
Add test for external session cache r=keeler
Comment 5•5 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/73a76edb175f
https://hg.mozilla.org/mozilla-central/rev/f472f9a312c9
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox71:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Comment 6•5 years ago
bugherder