instantiate CERTCertificate in nsIX509Cert on-demand instead of always
Categories
(Core :: Security: PSM, enhancement, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox98 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
(Blocks 2 open bugs)
Details
(Keywords: perf-alert, Whiteboard: [psm-assigned])
Crash Data
Attachments
(4 files)
nsIX509Cert
doesn't always need to make a CERTCertificate
out of the certificate bytes it's constructed with, so we could avoid some work by instantiating it on first use rather than for every certificate created. This also gives us a path towards not instantiating it at all in content processes.
Assignee | ||
Comment 1•2 years ago
|
||
Assignee | ||
Comment 2•2 years ago
|
||
Depends on D134977
Assignee | ||
Comment 3•2 years ago
|
||
Depends on D134978
Assignee | ||
Comment 4•2 years ago
|
||
Depends on D134979
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1e1f1620d1bb misc nsNSSCertificate cleanup r=jschanck https://hg.mozilla.org/integration/autoland/rev/7aa1f58a893e remove superfluous nsNSSCertificate "constructors" r=necko-reviewers,kershaw,jschanck https://hg.mozilla.org/integration/autoland/rev/4c8bf5c43e12 use mDER over mCert in nsNSSCertificate where possible r=jschanck https://hg.mozilla.org/integration/autoland/rev/667470bfefbb only instantiate CERTCertificate in nsNSSCertificate if needed r=jschanck
Comment 6•2 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/1e1f1620d1bb
https://hg.mozilla.org/mozilla-central/rev/7aa1f58a893e
https://hg.mozilla.org/mozilla-central/rev/4c8bf5c43e12
https://hg.mozilla.org/mozilla-central/rev/667470bfefbb
Pushed by mkmelin@iki.fi: https://hg.mozilla.org/comm-central/rev/32eac1923cb2 port ´remove superfluous nsNSSCertificate "constructors"' to Thunderbird. rs=bustage-fix
Backout by nbeleuzu@mozilla.com: https://hg.mozilla.org/mozilla-central/rev/d163f7c81ef3 Backed out 4 changesets for causing Bug 1749735 . a=pascal
Comment 9•2 years ago
|
||
Backed out for causing Bug 1749735
Backout link: https://hg.mozilla.org/mozilla-central/rev/d163f7c81ef38ebf3d1edaff9e961c925472225f
Comment 10•2 years ago
|
||
Backout by mkmelin@iki.fi: https://hg.mozilla.org/comm-central/rev/a95e0e6e62a9 Backed out changeset 32eac1923cb2 since mozilla-central part was backed out. rs=backout DONTBUILD
Comment 11•2 years ago
|
||
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/79b0615431f0 misc nsNSSCertificate cleanup r=jschanck https://hg.mozilla.org/integration/autoland/rev/84258533642e remove superfluous nsNSSCertificate "constructors" r=necko-reviewers,kershaw,jschanck https://hg.mozilla.org/integration/autoland/rev/d54b59f6d31b use mDER over mCert in nsNSSCertificate where possible r=jschanck https://hg.mozilla.org/integration/autoland/rev/eb80fdfd96b6 only instantiate CERTCertificate in nsNSSCertificate if needed r=jschanck
Comment 12•2 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/79b0615431f0
https://hg.mozilla.org/mozilla-central/rev/84258533642e
https://hg.mozilla.org/mozilla-central/rev/d54b59f6d31b
https://hg.mozilla.org/mozilla-central/rev/eb80fdfd96b6
Comment 13•2 years ago
|
||
Pushed by mkmelin@iki.fi: https://hg.mozilla.org/comm-central/rev/cb25fd710914 port ´remove superfluous nsNSSCertificate "constructors"` to Thunderbird. rs=bustage-fix
Comment 14•2 years ago
|
||
(In reply to Pulsebot from comment #13)
This appears to have broken TLS on Thunderbird Nightly x86_64 Linux.
I can't connect to my imap servers with the latest build due to the error "non-overridable TLS error occured. Handshake error or..."
Comment 15•2 years ago
|
||
Would suspect bug 1750318? If not, please file a new bug. Today's daily at least seem to work as normal for me.
Comment 16•2 years ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #15)
Would suspect bug 1750318? If not, please file a new bug. Today's daily at least seem to work as normal for me.
I have network.trr.mode=0 so not the same but updating to 20220115103459 appears to have fixed it. Thanks!
Comment hidden (obsolete) |
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Updated•2 years ago
|
Description
•