Closed Bug 1685552 Opened 3 years ago Closed 3 years ago

remove subjectAltNames from nsIX509Cert

Categories

(Core :: Security: PSM, enhancement, P1)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
86 Branch
Tracking Flags:
Tracking Status
firefox86 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [psm-assigned])

Crash Data

Attachments

(1 file)

Bug 1685552 - move certificate subject alternative name processing for error pages from backend to frontend r?bbeurdouche!,johannh!
48 bytes, text/x-phabricator-request
Details | Review

Processing certificate subject alternative names in C++ is an unnecessary risk (plus, the current implementation uses NSS types). We should move this code to the frontend now that we have the new certificate viewer code in JS.

This removes nsIX509Cert.subjectAltNames and reduces potential attack surface
by avoiding parsing subject alternative names in C/C++. It also reduces PSM
reliance on NSS types.

Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c86e3fd8515f
move certificate subject alternative name processing for error pages from backend to frontend r=bbeurdouche,johannh,baku

https://hg.mozilla.org/mozilla-central/rev/c86e3fd8515f

Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox86: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 86 Branch
Regressions: 1698396
No longer regressions: 1698396
Crash Signature: [@ arena_t::DallocSmall | je_free | PORT_FreeArena_Util | nsNSSCertificate::GetSubjectAltNames]
See Also: → 1794423
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: