Closed
Bug 392211
Opened 17 years ago
Closed 17 years ago
certificate usage is part of the libPKIX global state context
Categories
(NSS :: Libraries, defect, P1)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 387024
3.12
People
(Reporter: stevepnscp, Assigned: stevepnscp)
Details
(Whiteboard: PKIX)
As part of path validation, PKIX_PL_Cert_IsCertTrusted fetches the desired certificate usage from the NSS global context pointer (plContext). plContext->certificateUsage is of type SECCertificateUsage Instead of being in the global context, we should instead pass this in as a validation parameter. Since the validation parameters are at the PKIX_* level (not PKIX_PL_*), should we provide an abstraction layer so, that the SECCertificate type is reflected as part of the PKIX_* namespace?
Assignee | ||
Updated•17 years ago
|
Whiteboard: PKIX
Comment 1•17 years ago
|
||
It seems to me that *plContext should never be "global". There should be one per thread. And as David Barron noted in Bug 391775, the way we use it now, the context's arena just grows boundlessly for the lifetime of the process. Creating one context per thread doesn't fix that, by itself, but with such a context, it is possible to "mark" and "release" the thread's arenapool between operations to avoid such boundless growth.
Assignee | ||
Comment 2•17 years ago
|
||
Yes, alexei already has another bug on that - 391244
Updated•17 years ago
|
OS: Linux → All
Priority: -- → P2
Hardware: PC → All
Summary: certificate usage is part of the NSS global state context → certificate usage is part of the libPKIX global state context
Target Milestone: --- → 3.12
Updated•17 years ago
|
Priority: P2 → P1
Updated•17 years ago
|
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•