Fully implement new libPKIX cert verification API from bug 294531

RESOLVED FIXED in 3.12.2

Status

NSS
Libraries
P2
enhancement
RESOLVED FIXED
14 years ago
8 years ago

People

(Reporter: Wan-Teh Chang, Assigned: Alexei Volkov)

Tracking

(Depends on: 1 bug)

Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIX SUN_MUST_HAVE)

Attachments

(8 attachments, 17 obsolete attachments)

51.26 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
6.18 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
15.18 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
113.20 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
3.98 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
119.82 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
314.76 KB, patch
Details | Diff | Splinter Review
2.48 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
(Reporter)

Description

14 years ago
We can only enable or disable OCSP checking *globally*
in NSS right now.  We should add an option to disable
OCSP checking for a particular cert verification.
QA Contact: bishakhabanerjee → jason.m.reid
QA Contact: jason.m.reid → libraries
(Assignee)

Updated

10 years ago
Priority: -- → P2
Whiteboard: PKIX
Target Milestone: --- → 3.12
(Assignee)

Updated

10 years ago
Target Milestone: 3.12 → 3.12.1
This should be part of the cert verification API design in bug 294531
Blocks: 294531
Summary: Add an option to disable OCSP checking for a particular cert verification → New libPKIX cert verification API needs option to disable OCSP check
Wan-Teh, Does the new API defined in bug 294531 satisfy this request? 
If so, then we need a bug that demands the implementation of the API defined 
in bug 294531.  (We may already have such a bug)
(Reporter)

Comment 3

9 years ago
Yes, the new API defined in bug 294531 satisfies this request.
(That API is so flexible that it can solve any cert path
validation problem.)
Assignee: wtc → nobody
Summary: New libPKIX cert verification API needs option to disable OCSP check → Fully implement new libPKIX cert verification API from bug 294531
(Assignee)

Comment 4

9 years ago
Created attachment 332548 [details] [diff] [review]
Patch v1 - change API flags to remove libpkix performace impact

Proposing to change default setting to revocation flags to remove impact to the performance.


Currently, libpkix does two revocation checks on the same cert: 
    * first, while building the chain upward from the leaf to a trust anchor. Each time the algorithm finds a valid issue of a cert in the chain(EE or intermediate CA), it calls CRL revocation checker to verify, that previous cert in the chain was not revoked by issuing ICA. Since the CRLDP is not yet integrated, the crl revocation check is done only by using CRL cache.
 

    * second, while validating an already built chain going down. This time libpkix calls ocsp checker, that returns cert status by obtaining an info from ocsp cache. If the cache does not have fresh information, ocsp checker fetches a response from ocsp responder.

Once CRLDP code is integrated into libpkix, we will have two types of revocation checkers that have similar parts: OCSP/CRL cache and OCSP responce/CRL network fetching.

As a part of work on implementation of CERT_PKIXVerifyCert revocation API, I plan to modify the way libpkix check cert revocation status: it is to make libpkix use cached revocation data while building the chain to its trust achor, and if fresh information is needed to check revocation, do additional data(ocsp responce/CRL) fetching at the time of complete chain validation after trust anchor have been identified. 

Now, while reviewing the revocation API flags I've found, that current default setting for the flags responsible for defining an order of checking can drawback the performance. These two flags:
   CERT_REV_MI_TEST_EACH_METHOD_SEPARATELY defined as 0L  -  default
   CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST defined as 1L

The flag EACH_METHOD_SEPARATELY tells to use a method completely(first cache and then fetch from a network) before going to a next one. If it is used, cached information from the next method will only be checked after the first method is done with network fetching, thus it will happen late, only at the time when chain is already built. In some cases, it will mean that whole chain will need to be completely rebuilt.

The patch sets the flag TEST_ALL_LOCAL_INFORMATION_FIRST to be a default, making libpkix to do early check on the cached data available for defined revocation methods.
Assignee: nobody → alexei.volkov.bugs
Status: NEW → ASSIGNED
Attachment #332548 - Flags: superreview?(rrelyea)
Attachment #332548 - Flags: review?(nelson)
(Assignee)

Updated

9 years ago
Attachment #332548 - Flags: review?(kaie)

Comment 5

9 years ago
Comment on attachment 332548 [details] [diff] [review]
Patch v1 - change API flags to remove libpkix performace impact

Sorry, I think I must reject this patch.

You are reverting the numeric values of CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST

and also the other constant.

That constant is already used in Firefox 3.

I think your change breaks binary compatibility.
Attachment #332548 - Flags: review?(kaie) → review-
We disccussed this on Thursday, and there seemed to be an understanding 
of what the plan was, going forward, between Alexei, Bob and Kai, but 
I missed it.  Would someone care to state here what the new plan is?
(Assignee)

Comment 7

9 years ago
The conclusion was to test local caches of all methods regardless of the set flags. Any result from a method that indicates that a cert was not revoked or the status is unknown should be treated as positive. In this case we continue to check if next revocation method has any information(looking for negative info) in its cache. If it does,  we will stop, and declare cert to be revoked.

A cert that passed all checks will be added into the chain. Next revocation check will be done, when the whole chain get built. This time we do revocation with possible OCSP response/CRL fetching from the network. 
(Assignee)

Updated

9 years ago
Attachment #332548 - Attachment is obsolete: true
Attachment #332548 - Flags: superreview?(rrelyea)
Attachment #332548 - Flags: review?(nelson)
(Assignee)

Updated

9 years ago
Target Milestone: 3.12.1 → 3.12.2
(Assignee)

Updated

9 years ago
Whiteboard: PKIX → PKIX SUN_MUST_HAVE
(Assignee)

Comment 8

9 years ago
Created attachment 339973 [details] [diff] [review]
Implementation of new revocation API. The whole patch. Not for review

This patch will be split on multiple smaller patches.

The patch includes modifications to multiple libpkix files, some changes in certdb, certhigh and modification on vfychain utility.
(Assignee)

Updated

9 years ago
Attachment #339973 - Attachment description: the whole patch. Not for review → Implementation of new revocation API. The whole patch. Not for review
(Assignee)

Comment 9

9 years ago
Created attachment 339976 [details] [diff] [review]
Patch v1 Main logic code. Includes only changes in libpkix/pkix/checker files.
Attachment #339976 - Flags: review?(nelson)
(Assignee)

Comment 10

9 years ago
Created attachment 340009 [details] [diff] [review]
Suplimental changes in nss/lib to support revocation patch
Attachment #340009 - Flags: review?(nelson)
(Assignee)

Comment 11

9 years ago
Created attachment 340010 [details] [diff] [review]
vfychain changes related to the new revocation api
Attachment #340010 - Flags: review?(nelson)
(Assignee)

Comment 12

9 years ago
Created attachment 340250 [details] [diff] [review]
Patch v2 Main logic code. Includes only changes in libpkix/pkix/checker files.
Attachment #339976 - Attachment is obsolete: true
Attachment #340250 - Flags: review?(nelson)
Attachment #339976 - Flags: review?(nelson)
Attachment #340250 - Flags: review?(nelson) → review-
Comment on attachment 340250 [details] [diff] [review]
Patch v2 Main logic code. Includes only changes in libpkix/pkix/checker files.

Alexei & I reviewed this by phone.  I have given him all the review comments verbally.
(Assignee)

Comment 14

9 years ago
Created attachment 340652 [details] [diff] [review]
Suplimental changes in nss/lib to support revocation patch. v2

Resubmitting the patch. The old one had wrong files.
Attachment #340009 - Attachment is obsolete: true
Attachment #340652 - Flags: review?(nelson)
Attachment #340009 - Flags: review?(nelson)
(Assignee)

Comment 15

9 years ago
Created attachment 341011 [details] [diff] [review]
Suplimental changes in nss/lib to support revocation patch. v2 part 1

First part of the big patch. It has changes to the underlying pkix_pl layer needed for revocation API implementation to work.
Attachment #340652 - Attachment is obsolete: true
Attachment #341011 - Flags: review?(nelson)
Attachment #340652 - Flags: review?(nelson)
(Assignee)

Comment 16

9 years ago
Created attachment 341012 [details] [diff] [review]
Suplimental changes in nss/lib to support revocation patch. v2 part 2

Usage of newly implemented revocation API within libpkix. Revocation params propagation into libpkix.
Attachment #341012 - Flags: review?(nelson)
(Assignee)

Updated

9 years ago
Depends on: 233118
Comment on attachment 340010 [details] [diff] [review]
vfychain changes related to the new revocation api

r-. I gave Alexei review feeback by phone. (this comment applies to 3 patches.
Attachment #340010 - Flags: review?(nelson) → review-
Attachment #341011 - Flags: review?(nelson) → review-
Attachment #341012 - Flags: review?(nelson) → review-
(Assignee)

Comment 18

9 years ago
Created attachment 342913 [details] [diff] [review]
Patch v3 for Main logic code. Includes only changes in libpkix/pkix/checker files.

Patch with changes requested during review.
Attachment #340250 - Attachment is obsolete: true
Attachment #342913 - Flags: review?(nelson)
(Assignee)

Comment 19

9 years ago
Created attachment 342915 [details] [diff] [review]
Patch v2: vfychain changes related to the new revocation api

Changes to the patch according the review.
Attachment #340010 - Attachment is obsolete: true
Attachment #342915 - Flags: review?(nelson)
(Assignee)

Comment 20

9 years ago
Created attachment 342920 [details] [diff] [review]
Supplemental changes in nss/lib to support revocation patch. v3 part 1

Patch changes according to the review.
Attachment #341011 - Attachment is obsolete: true
Attachment #342920 - Flags: review?(nelson)
(Assignee)

Comment 21

9 years ago
Created attachment 342921 [details] [diff] [review]
Supplemental changes in nss/lib to support revocation patch. v3 part 2

Patch changes according to the review.
Attachment #341012 - Attachment is obsolete: true
Attachment #342921 - Flags: review?(nelson)
(Assignee)

Comment 22

9 years ago
Created attachment 342922 [details] [diff] [review]
Supplemental changes to new files in nss/lib to support revocation patch. v3 part 3

Changes to new files.
Attachment #342922 - Flags: review?(nelson)
(Assignee)

Updated

9 years ago
Attachment #342920 - Attachment description: Suplimental changes in nss/lib to support revocation patch. v3 part 1 → Supplemental changes in nss/lib to support revocation patch. v3 part 1
(Assignee)

Updated

9 years ago
Attachment #342921 - Attachment description: Suplimental changes in nss/lib to support revocation patch. v3 part 2 → Supplemental changes in nss/lib to support revocation patch. v3 part 2
(Assignee)

Updated

9 years ago
Attachment #342922 - Attachment description: Suplimental changes to new files in nss/lib to support revocation patch. v3 part 3 → Supplemental changes to new files in nss/lib to support revocation patch. v3 part 3
(Assignee)

Comment 23

9 years ago
Comment on attachment 342913 [details] [diff] [review]
Patch v3 for Main logic code. Includes only changes in libpkix/pkix/checker files.

Main functionality is implemented in function PKIX_RevocationChecker_Check. It is responsible for tracking revocation method independent flags. Control over rev method dependent flags is shared between PKIX_RevocationChecker_Check function and rev method related functions. That is pkix_CrlChecker_CheckLocal and pkix_CrlChecker_CheckExternal for crl and pkix_OcspChecker_CheckLocal and pkix_OcspChecker_CheckExternal for ocsp.

Kai, Bob, please review.
Attachment #342913 - Flags: superreview?(rrelyea)
Attachment #342913 - Flags: review?(kaie)
Comment on attachment 342915 [details] [diff] [review]
Patch v2: vfychain changes related to the new revocation api

In today's review, we made a few more changes to this patch.
Attachment #342915 - Flags: review?(nelson) → review-
Comment on attachment 342920 [details] [diff] [review]
Supplemental changes in nss/lib to support revocation patch. v3 part 1

r+, with one requested change.  In file
lib/libpkix/pkix_pl_nss/pki/pkix_pl_ocspresponse.c
in the function to be changed as follows:

>         if (PKIX_ERROR_RECEIVED){
>+            if (ocspResponse) {
>                 PKIX_DECREF(ocspResponse);
>+            } else {
>+                if (serverSession) 
>+                    hcv1->freeSessionFcn(serverSession);
>+                if (requestSession)
>+                    hcv1->freeFcn(requestSession);
>+            }
>         }

Please rename "requestSession" to just "request" 
all throughout that function.
Attachment #342920 - Flags: review?(nelson) → review+
Comment on attachment 342922 [details] [diff] [review]
Supplemental changes to new files in nss/lib to support revocation patch. v3 part 3

r=nelson
Attachment #342922 - Flags: review?(nelson) → review+
Attachment #342913 - Attachment description: Patch v2 for Main logic code. Includes only changes in libpkix/pkix/checker files. → Patch v3 for Main logic code. Includes only changes in libpkix/pkix/checker files.
Attachment #340250 - Attachment description: Main logic code. Includes only changes in libpkix/pkix/checker files. → Patch v2 Main logic code. Includes only changes in libpkix/pkix/checker files.
Attachment #339976 - Attachment description: Main logic code. Includes only changes in libpkix/pkix/checker files. → Patch v1 Main logic code. Includes only changes in libpkix/pkix/checker files.
(Assignee)

Comment 27

9 years ago
Created attachment 343470 [details] [diff] [review]
Patch v1 Missing pkix_revocationmethod.c and .h

New files missing from main code patch.
Attachment #343470 - Flags: review?(nelson)
Comment on attachment 343470 [details] [diff] [review]
Patch v1 Missing pkix_revocationmethod.c and .h

r-, this call merely copies the values from method to itself.

>+        PKIX_CHECK(
>+            pkix_RevocationMethod_Init(method,
>+                                       method->methodType,
>+                                       method->flags,
>+                                       method->priority,
>+                                       method->localRevChecker,
>+                                       method->externalRevChecker,
>+                                       plContext),
>+            PKIX_COULDNOTCREATEREVOCATIONMETHODOBJECT);
Attachment #343470 - Flags: review?(nelson) → review-
Comment on attachment 342921 [details] [diff] [review]
Supplemental changes in nss/lib to support revocation patch. v3 part 2

This is getting very close.  There are a few issues in this file:
>Index: lib/certhigh/certvfypkix.c

1. The following block of code should not be ifdef'ed.  
The comment is incorrect.  The old chain validation algorithm DOES
do CRL checking at each step in the chain. The new code must, also.

>+#ifdef DEBUG_volkov
>+    /* Will not perform CRL revocation on the whole chain, since old chain
>+     * validation algorithm never did it. */
>+
>+    /* add CRL revocation method for other certs in the chain. */
>+    PKIX_CHECK(
>+        PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
>+                                         PKIX_RevocationMethod_CRL,
>+                                         PKIX_REV_M_TEST_USING_THIS_METHOD |
>+                                         PKIX_REV_M_FORBID_NETWORK_FETCHING |
>+                                         PKIX_REV_M_STOP_TESTING_ON_FRESH_INFO,
>+                                         0, NULL, PKIX_FALSE, plContext),
>+        PKIX_REVOCATIONCHECKERADDMETHODFAILED);
>+#endif

Also, I think that PKIX_REV_M_STOP_TESTING_ON_FRESH_INFO should NOT 
be set for the CRL tests.  For checking leaf certs, the old code 
would check CRLs first, and if the CRL said it was revoked, that 
would stop the test, but if the CRL did not say the cert was revoked,
and an OCSP URL was present, it would also do the OCSP check, even if
the CRL had already been checked.  

2.  In the OCSP test, I believe the old code had a settable global
flag that was equivalent to the new flag named 
PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO.  So, the new flag should
not unconditionally set that flag, but rather should test that
old global flag, and set the new flag according to the old one.
>+    PKIX_CHECK(
>+        PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
>+                                     PKIX_RevocationMethod_OCSP,
>+                                     PKIX_REV_M_TEST_USING_THIS_METHOD |
>+                                     PKIX_REV_M_ALLOW_NETWORK_FETCHING |
>+                                     PKIX_REV_M_ALLOW_IMPLICIT_DEFAULT_SOURCE |
>+                                     PKIX_REV_M_SKIP_TEST_ON_MISSING_SOURCE |
>+                                     PKIX_REV_M_FAIL_ON_MISSING_FRESH_INFO |
>+                                     PKIX_REV_M_STOP_TESTING_ON_FRESH_INFO |
>+                                     methodFlags,
>+                                     1, NULL, PKIX_TRUE, plContext),

3. The following comment mentions CRL revocation, but the code that 
it describes is OCSP code, not CRL code.

>+#ifdef DEBUG_volkov
>+    /* Will not perform CRL revocation on the whole chain, since old chain
>+     * validation algorithm never did it. */
>+
>+    /* add OCSP revocation method to check the chain certificates */
>+    PKIX_CHECK(
>+        PKIX_RevocationChecker_CreateAndAddMethod(revChecker, procParams,
>+                                     PKIX_RevocationMethod_OCSP,
Attachment #342921 - Flags: review?(nelson) → review-
(Assignee)

Comment 30

9 years ago
Created attachment 344942 [details] [diff] [review]
Patch v4 for Main logic code. Includes only changes in libpkix/pkix/checker files.
Attachment #342913 - Attachment is obsolete: true
Attachment #344942 - Flags: review?(nelson)
Attachment #342913 - Flags: superreview?(rrelyea)
Attachment #342913 - Flags: review?(nelson)
Attachment #342913 - Flags: review?(kaie)
(Assignee)

Comment 31

9 years ago
Created attachment 344945 [details] [diff] [review]
Patch v3: vfychain changes related to the new revocation api
Attachment #342915 - Attachment is obsolete: true
Attachment #344945 - Flags: review?(nelson)
(Assignee)

Comment 32

9 years ago
Comment on attachment 343470 [details] [diff] [review]
Patch v1 Missing pkix_revocationmethod.c and .h

Obsoleted by "patch v4 for Main logic code. Includes only changes in libpkix/pkix/checker files" patch.
Attachment #343470 - Attachment is obsolete: true
(Assignee)

Comment 33

9 years ago
Created attachment 344946 [details] [diff] [review]
Supplemental changes in nss/lib to support revocation patch. v4 part 2
Attachment #342921 - Attachment is obsolete: true
Attachment #344946 - Flags: review?(nelson)
Comment on attachment 344942 [details] [diff] [review]
Patch v4 for Main logic code. Includes only changes in libpkix/pkix/checker files.

This appears to address the previous review comments. r=nelson
Attachment #344942 - Flags: review?(nelson) → review+
Comment on attachment 344945 [details] [diff] [review]
Patch v3: vfychain changes related to the new revocation api

r=nelson
Attachment #344945 - Flags: review?(nelson) → review+
(Assignee)

Comment 36

9 years ago
Created attachment 344995 [details] [diff] [review]
new ocsp.c ocspi.h changes. Patch v1
Attachment #344995 - Flags: review?(nelson)
(Assignee)

Comment 37

9 years ago
Created attachment 344997 [details] [diff] [review]
new ocsp.c ocspi.h changes. Patch v2
Attachment #344995 - Attachment is obsolete: true
Attachment #344997 - Flags: review?(nelson)
Attachment #344995 - Flags: review?(nelson)
(Assignee)

Comment 38

9 years ago
Created attachment 344999 [details] [diff] [review]
new ocsp.c ocspi.h changes. Patch v3
Attachment #344997 - Attachment is obsolete: true
Attachment #344999 - Flags: review?(nelson)
Attachment #344997 - Flags: review?(nelson)
(Assignee)

Comment 39

9 years ago
Created attachment 345004 [details] [diff] [review]
new ocsp.c ocspi.h changes. Patch v4

fix declared returned value in the header file.
Attachment #344999 - Attachment is obsolete: true
Attachment #345004 - Flags: review?(nelson)
Attachment #344999 - Flags: review?(nelson)
Comment on attachment 344946 [details] [diff] [review]
Supplemental changes in nss/lib to support revocation patch. v4 part 2

r+.  I suggest adding comments to the expressions that 'OR' in symbols whose values are zero.  Add comments pointing out that their values are zero.
Attachment #344946 - Flags: review?(nelson) → review+
Comment on attachment 345004 [details] [diff] [review]
new ocsp.c ocspi.h changes. Patch v4


>+/* FUNCTION: ocsp_FetchingFailureIsVerificationFailure
>+ * The function checks the global ocsp settings and
>+ * tells how to treat an ocsp response fetching failure.
>+ * RETURNS:
>+ *   if PR_Bool is returned, then treat fetching as a
>+ *   revoked cert status.

I'm pretty sure that comment wants to say:
  if PR_TRUE is returned, then ...

r=nelson with that change.

I want to see testing results before any of this is 
committed.
Attachment #345004 - Flags: review?(nelson) → review+
(Assignee)

Comment 42

9 years ago
Created attachment 345573 [details] [diff] [review]
Patch v5 for Main logic code. Includes only changes in libpkix/pkix/checker files.

Additional changes to PKIX_RevocationCheker_Check function
Attachment #344942 - Attachment is obsolete: true
Attachment #345573 - Flags: review?(nelson)
Attachment #345573 - Flags: review?(nelson) → review+
Comment on attachment 345573 [details] [diff] [review]
Patch v5 for Main logic code. Includes only changes in libpkix/pkix/checker files.

r+. Please make a couple of small changes.

>+        /* The following check make sence only for chain

Should be "makes"

>+enum PKIX_RevocationMethodTypeEnum {
>+    PKIX_RevocationMethod_CRL = 0,
>+    PKIX_RevocationMethod_OCSP,
>+    PKIX_RevocationMethod_Count,
>+};

Please change _Count to _MAX.  

Thanks.
(Assignee)

Comment 44

9 years ago
Created attachment 345779 [details] [diff] [review]
Complete patch.
Attachment #339973 - Attachment is obsolete: true
(Assignee)

Updated

9 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED

Comment 45

9 years ago
Patch for this bug causes build failures on HP/UX:

gmake-3.80[5]: Entering directory `/share/builds/mccrel3/security/securitytip/builds/20081101.1/wozzeck_Solaris8/mozilla/security/nss/lib/libpkix/pkix/certsel'
cc -o HP-UXB.11.11_OPT.OBJ/pkix_certselector.o -c -O -DHPUX10 -Ae +Z -DHPUX -Dhppa -D_HPUX_SOURCE -D_USE_BIG_FDS +DAportable +DS2.0 -DHPUX11 -D_POSIX_C_SOURCE=199506L -DXP_UNIX -UDEBUG -DNDEBUG -DNSS_ENABLE_ECC -DNSS_ECC_MORE_THAN_SUITE_B -DUSE_UTIL_DIRECTLY -I../../../../../../dist/HP-UXB.11.11_OPT.OBJ/include  -I../../../../../../dist/public/nss -I../../../../../../dist/private/nss -I../../../../../../dist/public/dbm  pkix_certselector.c
cc: "../../../../../../dist/private/nss/pkixt.h", line 125: error 1574: Unknown size for "PKIX_RevocationMethodType".
cc: "../../../../../../dist/private/nss/pkixt.h", line 126: error 1574: Unknown size for "PKIX_RevocationStatus".
cc: "../../../../../../dist/private/nss/pkix_revchecker.h", line 178: error 1574: Unknown size for "methodType".
gmake-3.80[5]: *** [HP-UXB.11.11_OPT.OBJ/pkix_certselector.o] Error 1
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Comment 46

9 years ago
Created attachment 346099 [details] [diff] [review]
Patch v1. Move enums to a public header file
Attachment #346099 - Flags: review?(nelson)
Attachment #346099 - Flags: review?(nelson) → review+
Comment on attachment 346099 [details] [diff] [review]
Patch v1. Move enums to a public header file

r=nelson
(Assignee)

Comment 48

9 years ago
(In reply to comment #46)
> Created an attachment (id=346099) [details]
> Patch v1. Move enums to a public header file
Committed.
Status: REOPENED → RESOLVED
Last Resolved: 9 years ago9 years ago
Resolution: --- → FIXED
(Assignee)

Updated

9 years ago
Duplicate of this bug: 403976
Duplicate of this bug: 413997
You need to log in before you can comment on or make changes to this bug.