Closed Bug 1687570 Opened 3 years ago Closed 3 years ago

remove keyUsages from nsIX509Cert

Categories

(Core :: Security: PSM, enhancement, P1)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
91 Branch
Tracking Flags:
Tracking Status
firefox91 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file, 1 obsolete file)

Bug 1687570 - remove nsIX509Cert.keyUsages r?rmf
48 bytes, text/x-phabricator-request
Details | Review

Only clientauthask.js uses nsIX509Cert.keyUsages, which makes it easy to replace using code added by the new certificate viewer.

This moves some potentially dangerous certificate parsing from C++ to JS and
reduces usage of NSS types in PSM.

Depends on: 1688703
No longer depends on: 1688632

nsIX509Cert.keyUsages is only used by the front-end. As of bug 1688703, the new
certificate viewer utility files can be used anywhere in the front-end to
decode certificates. Since this code is JS instead of C/C++, this is
preferrable from the standpoint of reducing attack surface.

Attachment #9198046 - Attachment is obsolete: true
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/49dd65ced6bd
remove nsIX509Cert.keyUsages r=johannh,dveditz

https://hg.mozilla.org/mozilla-central/rev/49dd65ced6bd

Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox91: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 91 Branch
See Also: → 1715752
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: