Open Bug 234762 Opened 21 years ago Updated 2 years ago

Improve PKCS#11 CRL interface

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

People

(Reporter: julien.pierre, Unassigned)

Details

Currently, we have a CRL extension used in NSS to allow storing and fetching CRLs in PKCS#11 tokens, notably softoken. The extension is limited in that the CRL lookup is only a function of the issuer subject. There is no provision for querying by keyID, by date range (I think), or for other types of CRLs (delta CRL, distribution point). We should review the current CRL extensions and define what we want to allow in the templates, even if our softoken will not immediately be able to support all these extensions, as the cert database currently does not. This should be coordinated with bug 217392.
In addition, we will need a new function in pk11wrap to replace PK11_FindCRLByName. The function will need to look up by all the things we want to add to the interface, and be able to return multiple SECItem of CRL objects, rather than just one as it currently does. The code in certdb/crl.c should use that function and the CRL cache should be modified to deal with finding multiple objects (it is already well-equipped for that task, but right now only fetches one at a time, since that's all the interface can do).
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → libraries
Priority: -- → P3
Severity: normal → S3