certificate usage is part of the libPKIX global state context

RESOLVED DUPLICATE of bug 387024

Status

P1
normal
RESOLVED DUPLICATE of bug 387024
11 years ago
11 years ago

People

(Reporter: stevepnscp, Assigned: stevepnscp)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIX)

(Assignee)

Description

11 years ago
As part of path validation, PKIX_PL_Cert_IsCertTrusted  fetches the desired certificate usage from the NSS global context pointer (plContext).

plContext->certificateUsage is of type SECCertificateUsage

Instead of being in the global context, we should instead pass this in as
a validation parameter.

Since the validation parameters are at the PKIX_* level (not PKIX_PL_*), should we provide an abstraction layer so, that the SECCertificate type is reflected as part of the PKIX_* namespace?
(Assignee)

Updated

11 years ago
Whiteboard: PKIX
It seems to me that *plContext should never be "global".  
There should be one per thread.  And as David Barron noted in Bug 391775, 
the way we use it now, the context's arena just grows boundlessly for the 
lifetime of the process.  Creating one context per thread doesn't fix that, 
by itself, but with such a context, it is possible to "mark" and "release" 
the thread's arenapool between operations to avoid such boundless growth.
(Assignee)

Comment 2

11 years ago
Yes, alexei already has another bug on that - 391244
OS: Linux → All
Priority: -- → P2
Hardware: PC → All
Summary: certificate usage is part of the NSS global state context → certificate usage is part of the libPKIX global state context
Target Milestone: --- → 3.12

Updated

11 years ago
Priority: P2 → P1

Updated

11 years ago
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 387024
You need to log in before you can comment on or make changes to this bug.