Closed Bug 1748341 Opened 2 years ago Closed 2 years ago

instantiate CERTCertificate in nsIX509Cert on-demand instead of always

Categories

(Core :: Security: PSM, enhancement, P1)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
98 Branch
Tracking Flags:
Tracking Status
firefox98 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Blocks 2 open bugs)

Details

(Keywords: perf-alert, Whiteboard: [psm-assigned])

Crash Data

Attachments

(4 files)

Bug 1748341 - misc nsNSSCertificate cleanup r?jschanck
48 bytes, text/x-phabricator-request
Details | Review
Bug 1748341 - remove superfluous nsNSSCertificate "constructors" r?jschanck
48 bytes, text/x-phabricator-request
Details | Review
Bug 1748341 - use mDER over mCert in nsNSSCertificate where possible r?jschanck
48 bytes, text/x-phabricator-request
Details | Review
Bug 1748341 - only instantiate CERTCertificate in nsNSSCertificate if needed r?jschanck
48 bytes, text/x-phabricator-request
Details | Review

nsIX509Cert doesn't always need to make a CERTCertificate out of the certificate bytes it's constructed with, so we could avoid some work by instantiating it on first use rather than for every certificate created. This also gives us a path towards not instantiating it at all in content processes.

Attachment #9257389 - Attachment description: WIP: Bug 1748341 - misc nsNSSCertificate cleanup r?jschanck → Bug 1748341 - misc nsNSSCertificate cleanup r?jschanck
Attachment #9257390 - Attachment description: WIP: Bug 1748341 - remove superfluous nsNSSCertificate "constructors" r?jschanck → Bug 1748341 - remove superfluous nsNSSCertificate "constructors" r?jschanck
Attachment #9257391 - Attachment description: WIP: Bug 1748341 - use mDER over mCert in nsNSSCertificate where possible r?jschanck → Bug 1748341 - use mDER over mCert in nsNSSCertificate where possible r?jschanck
Attachment #9257392 - Attachment description: WIP: Bug 1748341 - only instantiate CERTCertificate in nsNSSCertificate if needed r?jschanck → Bug 1748341 - only instantiate CERTCertificate in nsNSSCertificate if needed r?jschanck
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/1e1f1620d1bb
misc nsNSSCertificate cleanup r=jschanck
https://hg.mozilla.org/integration/autoland/rev/7aa1f58a893e
remove superfluous nsNSSCertificate "constructors" r=necko-reviewers,kershaw,jschanck
https://hg.mozilla.org/integration/autoland/rev/4c8bf5c43e12
use mDER over mCert in nsNSSCertificate where possible r=jschanck
https://hg.mozilla.org/integration/autoland/rev/667470bfefbb
only instantiate CERTCertificate in nsNSSCertificate if needed r=jschanck
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/32eac1923cb2
port ´remove superfluous nsNSSCertificate "constructors"' to Thunderbird. rs=bustage-fix
Regressions: 1749735
Backout by nbeleuzu@mozilla.com:
https://hg.mozilla.org/mozilla-central/rev/d163f7c81ef3
Backed out 4 changesets for causing Bug 1749735 . a=pascal

Backed out for causing Bug 1749735

Backout link: https://hg.mozilla.org/mozilla-central/rev/d163f7c81ef38ebf3d1edaff9e961c925472225f

Status: RESOLVED → REOPENED
status-firefox98: fixed → ---
Flags: needinfo?(pascalc)
Resolution: FIXED → ---
Target Milestone: 98 Branch → ---
Backout by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/a95e0e6e62a9
Backed out changeset 32eac1923cb2 since mozilla-central part was backed out. rs=backout DONTBUILD
Pushed by dkeeler@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/79b0615431f0
misc nsNSSCertificate cleanup r=jschanck
https://hg.mozilla.org/integration/autoland/rev/84258533642e
remove superfluous nsNSSCertificate "constructors" r=necko-reviewers,kershaw,jschanck
https://hg.mozilla.org/integration/autoland/rev/d54b59f6d31b
use mDER over mCert in nsNSSCertificate where possible r=jschanck
https://hg.mozilla.org/integration/autoland/rev/eb80fdfd96b6
only instantiate CERTCertificate in nsNSSCertificate if needed r=jschanck
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/cb25fd710914
port ´remove superfluous nsNSSCertificate "constructors"` to Thunderbird. rs=bustage-fix

(In reply to Pulsebot from comment #13)

This appears to have broken TLS on Thunderbird Nightly x86_64 Linux.

Regression range

Good Build 20220113104309

Bad Build 20220114122738

I can't connect to my imap servers with the latest build due to the error "non-overridable TLS error occured. Handshake error or..."

Flags: needinfo?(mkmelin+mozilla)

Would suspect bug 1750318? If not, please file a new bug. Today's daily at least seem to work as normal for me.

Flags: needinfo?(mkmelin+mozilla)

(In reply to Magnus Melin [:mkmelin] from comment #15)

Would suspect bug 1750318? If not, please file a new bug. Today's daily at least seem to work as normal for me.

I have network.trr.mode=0 so not the same but updating to 20220115103459 appears to have fixed it. Thanks!

Crash Signature: [@ nsNSSCertificate::Read(nsIObjectInputStream*)]
Crash Signature: [@ nsNSSCertificate::Read(nsIObjectInputStream*)] → [@ nsNSSCertificate::Read(nsIObjectInputStream*)] [@ nsNSSCertificate::InitFromDER(char*, int)]
Crash Signature: [@ nsNSSCertificate::Read(nsIObjectInputStream*)] [@ nsNSSCertificate::InitFromDER(char*, int)] → [@ nsNSSCertificate::Read(nsIObjectInputStream*)] [@ nsNSSCertificate::InitFromDER(char*, int)]
Flags: needinfo?(pascalc)
Regressions: 1758652
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: