Closed Bug 1581962 Opened 2 months ago Closed 2 months ago

update HasUserCertsInstalled to use more efficient client certificate discovery function added in bug 1573542

Categories

(Core :: Security: PSM, task, P1)

task

Tracking

()

RESOLVED FIXED
mozilla71
Tracking Status
firefox71 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

Bug 1573542 will add a function (probably FindNonCACertificatesWithPrivateKeys) that will provide an efficient method of finding all known client certificates with private keys (where the definition of "client certificate" is a bit loose at the moment - basically, "not a CA certificate"). nsINSSComponent.hasUserCertsInstalled should use this more efficient method rather than the current function, CERT_FindUserCertsByUsage.

CERT_FindUserCertsByUsage is inefficient when the corpus of known certificates
consists mostly of certificates that don't have corresponding private keys,
which is expected to be the case for most Firefox users. This change updates
the "does the user have any client certificates" functionality to use the more
efficient "FindNonCACertificatesWithPrivateKeys" function added in bug 1573542.

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/635b7dd1a468
improve nsINSSComponent::HasUserCertsInstalled by using the more efficient FindNonCACertificatesWithPrivateKeys r=kjacobs
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
Regressions: 1590495
You need to log in before you can comment on or make changes to this bug.