Closed
Bug 1687570
Opened 3 years ago
Closed 3 years ago
remove keyUsages from nsIX509Cert
Categories
(Core :: Security: PSM, enhancement, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
91 Branch
Tracking | Status | |
---|---|---|
firefox91 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-assigned])
Attachments
(1 file, 1 obsolete file)
Only clientauthask.js
uses nsIX509Cert.keyUsages
, which makes it easy to replace using code added by the new certificate viewer.
Assignee | ||
Comment 1•3 years ago
|
||
This moves some potentially dangerous certificate parsing from C++ to JS and
reduces usage of NSS types in PSM.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 2•3 years ago
|
||
nsIX509Cert.keyUsages is only used by the front-end. As of bug 1688703, the new
certificate viewer utility files can be used anywhere in the front-end to
decode certificates. Since this code is JS instead of C/C++, this is
preferrable from the standpoint of reducing attack surface.
Updated•3 years ago
|
Attachment #9198046 -
Attachment is obsolete: true
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/49dd65ced6bd remove nsIX509Cert.keyUsages r=johannh,dveditz
Comment 4•3 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox91:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•