Closed Bug 392211 Opened 17 years ago Closed 17 years ago

certificate usage is part of the libPKIX global state context

Categories

(NSS :: Libraries, defect, P1)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 387024

People

(Reporter: stevepnscp, Assigned: stevepnscp)

Details

(Whiteboard: PKIX)

As part of path validation, PKIX_PL_Cert_IsCertTrusted fetches the desired certificate usage from the NSS global context pointer (plContext).

plContext->certificateUsage is of type SECCertificateUsage

Instead of being in the global context, we should instead pass this in as
a validation parameter.

Since the validation parameters are at the PKIX_* level (not PKIX_PL_*), should we provide an abstraction layer so that the SECCertificate type is reflected as part of the PKIX_* namespace?
Whiteboard: PKIX
It seems to me that *plContext should never be "global".  
There should be one per thread.  And as David Barron noted in Bug 391775, 
the way we use it now, the context's arena just grows boundlessly for the 
lifetime of the process.  Creating one context per thread doesn't fix that, 
by itself, but with such a context, it is possible to "mark" and "release" 
the thread's arenapool between operations to avoid such boundless growth.
Yes, Alexei already has another bug on that - 391244
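
The two suggestions in the comments above (pass the certificate usage as a validation parameter, and keep one context per thread whose arena is marked and released between operations), sketched as an added example. This is not NSS or libPKIX code: the toy arena, `thread_ctx_t`, `validate_params_t`, `check_trusted` and the usage bit values are all hypothetical stand-ins.

```c
/* Added illustration; NOT NSS or libPKIX code. All names are hypothetical. */
#include <stddef.h>
#include <stdio.h>

#define ARENA_CAP 4096

typedef struct { unsigned char buf[ARENA_CAP]; size_t used; } arena_t;
typedef struct { arena_t arena; } thread_ctx_t;        /* holds no per-call state */
typedef struct { unsigned usage; } validate_params_t;  /* usage travels with the call */

static _Thread_local thread_ctx_t tls_ctx;             /* one context per thread */

static void *arena_alloc(arena_t *a, size_t n) {
    n = (n + 7u) & ~(size_t)7u;                        /* round size up to 8 bytes */
    if (n > ARENA_CAP - a->used) return NULL;          /* arena exhausted */
    void *p = a->buf + a->used;
    a->used += n;
    return p;
}
static size_t arena_mark(const arena_t *a) { return a->used; }
static void arena_release(arena_t *a, size_t mark) { if (mark <= a->used) a->used = mark; }

/* Stand-in for a trust check: scratch memory comes from the thread's arena,
 * the requested usage comes from the caller's parameters, not the context.
 * Returns 1 if trusted for the usage, 0 if not, -1 if the arena is exhausted. */
static int check_trusted(thread_ctx_t *ctx, const validate_params_t *p, unsigned trusted_for) {
    if (arena_alloc(&ctx->arena, 256) == NULL) return -1;
    return (trusted_for & p->usage) == p->usage && p->usage != 0;
}

/* Run `ops` checks on this thread; returns arena bytes still in use afterwards. */
size_t run_ops(int ops, int use_mark_release, unsigned usage, int *last_result) {
    thread_ctx_t *ctx = &tls_ctx;
    validate_params_t params = { usage };
    ctx->arena.used = 0;
    for (int i = 0; i < ops; i++) {
        size_t mark = arena_mark(&ctx->arena);
        *last_result = check_trusted(ctx, &params, 0x3u /* constructed trust bits */);
        if (use_mark_release) arena_release(&ctx->arena, mark);
    }
    return ctx->arena.used;
}

int main(void) {
    int r = 0;
    printf("no release:   %zu bytes in use\n", run_ops(20, 0, 0x1u, &r));
    printf("mark/release: %zu bytes in use\n", run_ops(20, 1, 0x1u, &r));
    return 0;
}
```

Without the release step the toy arena fills after 16 checks and later checks fail; with it, usage returns to the mark after every operation.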
OS: Linux → All
Priority: -- → P2
Hardware: PC → All
Summary: certificate usage is part of the NSS global state context → certificate usage is part of the libPKIX global state context
Target Milestone: --- → 3.12
Priority: P2 → P1
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE