Closed
Bug 186619
Opened 22 years ago
Closed 13 years ago
Export the remaining OCSP functions declared in ocsp.h
Categories
(NSS :: Libraries, enhancement, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.14
People
(Reporter: wtc, Assigned: elio.maldonado.batiz)
References
Details
Attachments
(2 files, 2 obsolete files)
2.62 KB,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
8.78 KB,
patch
|
elio.maldonado.batiz
:
review+
|
Details | Diff | Splinter Review |
We should review the three functions declared in ocsp.h
that are not yet exported and see if they can be exported.
They are:
CERT_DecodeOCSPRequest
CERT_GetEncodedOCSPResponse
CERT_CheckOCSPStatus
They are only used by our own ocspclnt test program right
now. If they are exported, we will be able to link ocspclnt
with our shared libraries.
But the purpose of this bug is to be more proactive in
exporting our public functions. We have had a couple of
patch releases whose main purpose was to export some
functions that were already implemented. I want to avoid
that.
Comment 1•22 years ago
|
||
Marking P2. I'm interpreting all the recent activity in reviewing our OCSP
capabilities as a sign of demand for OCSP features.
Priority: -- → P2
Updated•20 years ago
|
QA Contact: bishakhabanerjee → jason.m.reid
Updated•19 years ago
|
QA Contact: jason.m.reid → libraries
Comment 2•14 years ago
|
||
One more function, declared in ocsp.h, but not exported:
CERT_ParseURL
Assignee | ||
Updated•13 years ago
|
Assignee | ||
Comment 3•13 years ago
|
||
I was about to enter a similar bug when I found this one. Please do export these functions.
See https://bugzilla.redhat.com/show_bug.cgi?id=689918#c31 and subsequent comments.
Assignee | ||
Comment 4•13 years ago
|
||
Attachment #627319 -
Flags: review?(wtc)
Reporter | ||
Comment 5•13 years ago
|
||
Comment on attachment 627319 [details] [diff] [review]
Exports OCSP functions
Review of attachment 627319 [details] [diff] [review]:
-----------------------------------------------------------------
r=wtc. Please create another patch to make the following
changes, before exporting these functions.
Will this allow us to link the ocspclnt program with NSS
shared libraries/DLL?
::: ./mozilla/security/nss/lib/nss/nss.def
@@ +1002,5 @@
> ;+};
> +;+NSS_3.14 { # NSS 3.14 release
> +;+ global:
> +CERT_CheckOCSPStatus
> +CERT_DecodeOCSPRequest
Can you add 'const' to the "SECItem *src" argument?
@@ +1003,5 @@
> +;+NSS_3.14 { # NSS 3.14 release
> +;+ global:
> +CERT_CheckOCSPStatus
> +CERT_DecodeOCSPRequest
> +CERT_GetEncodedOCSPResponse
Can you add 'const' to the "char *location" argument?
@@ +1004,5 @@
> +;+ global:
> +CERT_CheckOCSPStatus
> +CERT_DecodeOCSPRequest
> +CERT_GetEncodedOCSPResponse
> +CERT_ParseURL
Why do you need this function exported?
NOTE: this function is not OCSP-specific. I suggest that
we move the declaration from ocsp.h to cert.h, if you need
to export it. (It probably can even be moved to lib/util.)
Attachment #627319 -
Flags: review?(wtc) → review+
Assignee | ||
Comment 6•13 years ago
|
||
(In reply to Wan-Teh Chang from comment #5)
> Comment on attachment 627319 [details] [diff] [review]
> Exports OCSP functions
>
> Review of attachment 627319 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> r=wtc. Please create another patch to make the following
> changes, before exporting these functions.
>
> Will this allow us to link the ocspclnt program with NSS
> shared libraries/DLL?
This will and on second round of testing it seems I can link okay even without it. But it;s preferable that ocspclnt and most tools rely on exported functions. Some tools, such as blapitest and fipstest, by their very nature need to poke inside but that's not the case with ocsptclnt.
>
> ::: ./mozilla/security/nss/lib/nss/nss.def
> @@ +1002,5 @@
> > ;+};
> > +;+NSS_3.14 { # NSS 3.14 release
> > +;+ global:
> > +CERT_CheckOCSPStatus
> > +CERT_DecodeOCSPRequest
>
> Can you add 'const' to the "SECItem *src" argument?
Definitely.
>
> @@ +1003,5 @@
> > +;+NSS_3.14 { # NSS 3.14 release
> > +;+ global:
> > +CERT_CheckOCSPStatus
> > +CERT_DecodeOCSPRequest
> > +CERT_GetEncodedOCSPResponse
>
> Can you add 'const' to the "char *location" argument?
Yes indeed.
>
> @@ +1004,5 @@
> > +;+ global:
> > +CERT_CheckOCSPStatus
> > +CERT_DecodeOCSPRequest
> > +CERT_GetEncodedOCSPResponse
> > +CERT_ParseURL
>
> Why do you need this function exported?
Same as first comment, tool higiene perhaps. This bug stands in its own merit for the original reasons.
>
> NOTE: this function is not OCSP-specific. I suggest that
> we move the declaration from ocsp.h to cert.h, if you need
> to export it. (It probably can even be moved to lib/util.)
Agrree, cert.h is a better home than ocsp.h for this function.
Moving to lib/util, though possible, has a couple problems.
1) There is no existing util public header which would be a good home for CERT_ParseURL
2) parsing a URL is a higher level service of NSS. We do want to keep util as the provider of basic low level utility functions for both nss (higher layers) and softoken (with freebl), the later we now package stand-alone in fedora.
Assignee | ||
Comment 7•13 years ago
|
||
Address wtc's review comments and added missing semi-colons.
Assignee | ||
Updated•13 years ago
|
Attachment #627769 -
Flags: review?(wtc)
Assignee | ||
Updated•13 years ago
|
Attachment #627319 -
Attachment is obsolete: true
Reporter | ||
Comment 8•13 years ago
|
||
Comment on attachment 627769 [details] [diff] [review]
V2: Exports OCSP functions
Review of attachment 627769 [details] [diff] [review]:
-----------------------------------------------------------------
r=wtc. Thanks.
::: ./mozilla/security/nss/lib/nss/nss.def
@@ +1004,5 @@
> +;+ global:
> +CERT_CheckOCSPStatus;
> +CERT_DecodeOCSPRequest;
> +CERT_GetEncodedOCSPResponse;
> +CERT_ParseURL;
I'm not sure if CERT_ParseURL needs to be exported.
This MXR query shows that none of the NSS cmds is
using it: http://mxr.mozilla.org/security/ident?i=CERT_ParseURL
Since you moved the declaration of CERT_ParseURL to
a different header, please check for compiler warnings.
Attachment #627769 -
Flags: review?(wtc) → review+
Reporter | ||
Updated•13 years ago
|
Assignee: wtc → emaldona
Status: NEW → ASSIGNED
Target Milestone: --- → 3.14
Assignee | ||
Comment 9•13 years ago
|
||
(In reply to Wan-Teh Chang from comment #8)
> Comment on attachment 627769 [details] [diff] [review]
> V2: Exports OCSP functions
>
> Review of attachment 627769 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> r=wtc. Thanks.
>
> ::: ./mozilla/security/nss/lib/nss/nss.def
> @@ +1004,5 @@
> > +;+ global:
> > +CERT_CheckOCSPStatus;
> > +CERT_DecodeOCSPRequest;
> > +CERT_GetEncodedOCSPResponse;
> > +CERT_ParseURL;
>
> I'm not sure if CERT_ParseURL needs to be exported.
> This MXR query shows that none of the NSS cmds is
> using it: http://mxr.mozilla.org/security/ident?i=CERT_ParseURL
I'm not sure we need to do it either. Also, this function looks a bit out of place in cert.h. Would you mind if I don't export it right away?
Assignee | ||
Comment 10•13 years ago
|
||
For the time being I feel more confident checking in this one instead.
Attachment #627769 -
Attachment is obsolete: true
Attachment #628411 -
Flags: review?(wtc)
Reporter | ||
Comment 11•13 years ago
|
||
Comment on attachment 628411 [details] [diff] [review]
V3: Export OCSP functions - the ones we are sure we need
r=wtc. I am fine with not doing anything with CERT_ParseURL.
(CERT_ParseURL was requested to be exported by Konstantin Andreev
in comment 2.)
I think CERT_ParseURL can be moved to an internal header such as
certi.h, and renamed with a lower case prefix: cert_ParseURL. We
can deal with that later.
Attachment #628411 -
Flags: review?(wtc) → review+
Assignee | ||
Comment 12•13 years ago
|
||
Changes committed on the trunk:
Checking in ./mozilla/security/nss/lib/certhigh/ocsp.c;
/cvsroot/mozilla/security/nss/lib/certhigh/ocsp.c,v <-- ocsp.c
new revision: 1.71; previous revision: 1.70
done
Checking in ./mozilla/security/nss/lib/certhigh/ocsp.h;
/cvsroot/mozilla/security/nss/lib/certhigh/ocsp.h,v <-- ocsp.h
new revision: 1.21; previous revision: 1.20
done
Checking in ./mozilla/security/nss/lib/nss/nss.def;
/cvsroot/mozilla/security/nss/lib/nss/nss.def,v <-- nss.def
new revision: 1.218; previous revision: 1.217
done
Assignee | ||
Updated•13 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 13•12 years ago
|
||
We need to propagate 'const' to the functions that receive
the 'const char *location' argument. Also, the comments need
to be updated to match the current 'const char *' type.
Patch checked in on the NSS trunk (NSS 3.14).
Checking in ocsp.c;
/cvsroot/mozilla/security/nss/lib/certhigh/ocsp.c,v <-- ocsp.c
new revision: 1.72; previous revision: 1.71
done
Checking in ocsp.h;
/cvsroot/mozilla/security/nss/lib/certhigh/ocsp.h,v <-- ocsp.h
new revision: 1.22; previous revision: 1.21
done
Attachment #663693 -
Flags: review?(emaldona)
Assignee | ||
Updated•12 years ago
|
Attachment #663693 -
Flags: review?(emaldona) → review+
You need to log in
before you can comment on or make changes to this bug.
Description
•