Beginning on October 25th, 2016, Persona will no longer be an option for authentication on BMO. For more details see Persona Deprecated.
Last Comment Bug 162753 - CRL object needs to change PKCS#11 object ID upon modification
: CRL object needs to change PKCS#11 object ID upon modification
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.6
: All All
: P1 normal (vote)
: 3.8
Assigned To: Julien Pierre
: Bishakha Banerjee
Depends on:
Blocks: 149854
  Show dependency treegraph
Reported: 2002-08-14 15:53 PDT by Julien Pierre
Modified: 2003-01-21 15:44 PST (History)
4 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---


Description Julien Pierre 2002-08-14 15:53:34 PDT
When installing a new CRL into the certificate database (softoken), the object
ID of the new CRL is the same as object ID of the old one. The way the CRL cache
will check for an object modification is to first look up if it exists, and then
check for its subject. With the current implementation, both tests would pass.

The fix is to create a new object ID when the new CRL is installed. This way the
CRL cache will know to flush itself and try to fetch a new CRL.
Comment 1 Julien Pierre 2002-08-29 22:39:28 PDT

This needs to get resolved for in order for the CRL cache to be able to pick up
changes to the objects. I am planning on checking it in tomorrow.
Comment 2 Wan-Teh Chang 2002-08-30 07:55:45 PDT
Assigned the bug to Bob.
Comment 3 Wan-Teh Chang 2002-09-18 15:27:06 PDT
Moved to NSS 3.7, priority P1.
Comment 4 Wan-Teh Chang 2002-12-06 11:12:55 PST
Moved to target milestone 3.8 because the original
NSS 3.7 release has been renamed 3.8.
Comment 5 Julien Pierre 2003-01-21 15:43:23 PST
Taking bug.
Comment 6 Julien Pierre 2003-01-21 15:44:56 PST
The problem that prompted the creation of this defect report was resolved in NSS
3.6 . See bug 167649 . The workaround was for NSS to automatically invalidate
the CRL cache for a given CA when a CRL for that CA is imported to softoken.
I am marking this bug WONTFIX since it means we don't need to do this
complicated fix to softoken.

Note You need to log in before you can comment on or make changes to this bug.