Closed Bug 1893334 Opened 1 year ago Closed 1 year ago

Add a pk11wrap function to read distrust-after attributes

Categories

(NSS :: Libraries, enhancement, P3)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jschanck, Assigned: jschanck)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1893334 - add PK11_ReadDistrustAfterAttribute. r=djackson
48 bytes, text/x-phabricator-request
Details | Review

While profiling TLS handshakes I noticed that we spend about 5% of our time constructing CERTCertificates in isDistrustedCertificateChain. Almost all of this time is wasted on SQL queries to cert9.db which will never return a match (as we only store distrust-after attributes in the builtins module). Since Bug 1649633 we have a way to find a certificate's object handle in the builtins module w/o constructing a CERTCertificate. We should add a function to extract the distrust-after attributes from a slot and object handle.

Blocks: 1664048
No longer blocks: 1827970
Blocks: 1893335

https://hg.mozilla.org/projects/nss/rev/dbd189b826b80eb0ff99d7769e16482624434682

Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: