1581962 - update HasUserCertsInstalled to use more efficient client certificate discovery function added in bug 1573542

Status: RESOLVED FIXED

(Core :: Security: PSM, task, P1)

Description

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Bug 1573542 will add a function (probably FindNonCACertificatesWithPrivateKeys) that will provide an efficient method of finding all known client certificates with private keys (where the definition of "client certificate" is a bit loose at the moment - basically, "not a CA certificate"). nsINSSComponent.hasUserCertsInstalled should use this more efficient method rather than the current function, CERT_FindUserCertsByUsage.

Comment 1

[Dana Keeler (she/her) (use needinfo) [:keeler] (on leave)]

Attachment: bug 1581962 - improve nsINSSComponent::HasUserCertsInstalled by using the more efficient FindNonCACertificatesWithPrivateKeys r?kjacobs

CERT_FindUserCertsByUsage is inefficient when the corpus of known certificates
consists mostly of certificates that don't have corresponding private keys,
which is expected to be the case for most Firefox users. This change updates
the "does the user have any client certificates" functionality to use the more
efficient "FindNonCACertificatesWithPrivateKeys" function added in bug 1573542.

Comment 2

[Pulsebot]

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/635b7dd1a468
improve nsINSSComponent::HasUserCertsInstalled by using the more efficient FindNonCACertificatesWithPrivateKeys r=kjacobs

Comment 3

[Dorel Luca [:dluca]]

https://hg.mozilla.org/mozilla-central/rev/635b7dd1a468