Closed Bug 1577038 Opened 5 years ago Closed 5 years ago

add PK11_GetCertsFromPrivateKey to return all certificates with public keys matching a particular private key

Categories

(NSS :: Libraries, enhancement, P1)

enhancement

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: keeler, Assigned: keeler)

References

Details

Attachments

(1 file)

When Firefox looks for client certificates with private keys using CERT_FindUserCertsByUsage, NSS enumerates all certificates on all tokens, which as the performance data from bug 1573542 indicates, is slow when there are many certificates (e.g. they've cached all known intermediates). On the assumption that typical users have far fewer private keys than certificates, it would be more efficient to start by enumerating private keys (using e.g. PK11_ListPrivKeysInSlot) and then get certificates corresponding to those keys. However, PK11_GetCertFromPrivateKey only returns one certificate for a given private key, when there may be multiple certificates that have a public key that matches. The intent of this bug is to add a function that behaves like PK11_GetCertFromPrivateKey but returns every matching certificate.

PK11_GetCertFromPrivateKey only returns one certificate with a public key that
matches the given private key. This change introduces
PK11_GetCertsFromPrivateKey, which returns a list of all certificates with
public keys that match the given private key.

Status: NEW → RESOLVED
Closed: 5 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 3.47
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: