Closed
Bug 1685552
Opened 3 years ago
Closed 3 years ago
remove subjectAltNames from nsIX509Cert
Categories
(Core :: Security: PSM, enhancement, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
86 Branch
Tracking | Status | |
---|---|---|
firefox86 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [psm-assigned])
Crash Data
Attachments
(1 file)
Processing certificate subject alternative names in C++ is an unnecessary risk (plus, the current implementation uses NSS types). We should move this code to the frontend now that we have the new certificate viewer code in JS.
Assignee | ||
Comment 1•3 years ago
|
||
This removes nsIX509Cert.subjectAltNames and reduces potential attack surface
by avoiding parsing subject alternative names in C/C++. It also reduces PSM
reliance on NSS types.
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/c86e3fd8515f move certificate subject alternative name processing for error pages from backend to frontend r=bbeurdouche,johannh,baku
Comment 3•3 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox86:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 86 Branch
Updated•3 years ago
|
Crash Signature: [@ arena_t::DallocSmall | je_free | PORT_FreeArena_Util | nsNSSCertificate::GetSubjectAltNames]
You need to log in
before you can comment on or make changes to this bug.
Description
•