Open Bug 397405 Opened 17 years ago Updated 1 year ago

Should be able to change the interval for which cert chain is present in cache

Categories

(NSS :: Libraries, enhancement, P2)

Tracking

(Not tracked)

People

(Reporter: alvolkov.bgs, Unassigned)

Details

(Whiteboard: PKIX)

Currently, the cert (and its valid chain) is stored in the cert chain cache if it was successfully validated. It is stored for a one-hour interval.

The fix for this bug should change the default cache time interval to 8 hours, as most short-lived certs have this validity interval.

The patch should also provide a way to change the cache time interval depending upon the certificate's validity notAfter and CRL nextUpdate times.
Patch v1 for bug 390499 addresses these issues, but still requires some work. Please check comment 390499#3 and comment 390499#4.
Priority: -- → P2
Whiteboard: PKIX
libpkix refuses to add another cert chain into the cache if it already has an entry with such a cert. This is incorrect, because the new value may provide a new validity interval and should not be rejected; rather, the old cache entry should be updated/re-evaluated with the new data.
Version: 3.12 → trunk
Target Milestone: 3.12 → 3.12.2
Unsetting target milestone in unresolved bugs whose targets have passed.
Target Milestone: 3.12.2 → ---

The bug assignee is inactive on Bugzilla, and this bug has priority 'P2'.
:beurdouche, could you have a look please?

For more information, please visit auto_nag documentation.

Assignee: alvolkov.bgs → nobody
Flags: needinfo?(bbeurdouche)
Severity: normal → S3

We have modified the bot to only consider P1 as high priority, so I'm cancelling the needinfo here.

Flags: needinfo?(bbeurdouche)
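The caching behaviour requested in this bug, sketched as an added example that is not NSS or libpkix code: the cache interval is the 8-hour default capped by the earliest notAfter in the chain and the earliest CRL nextUpdate, and adding a chain for a cert that is already cached refreshes the entry instead of being rejected. All names (`cache_expiry`, `cache_put`, `cache_hit`, the string key, the fixed-size table) are hypothetical, and times are plain seconds since the epoch.

```c
#include <stdint.h>
#include <string.h>

#define DEFAULT_TTL_SECS (8 * 60 * 60)  /* 8-hour default proposed in the bug */
#define CACHE_SLOTS 16
typedef struct {
    char    key[64];   /* hypothetical cache key, e.g. a cert fingerprint */
    int64_t expires;   /* absolute expiry, seconds since epoch */
    int     used;
} chain_cache_entry;

static chain_cache_entry cache[CACHE_SLOTS];

/* Earliest of: now + default TTL, any notAfter in the chain, any CRL nextUpdate. */
int64_t cache_expiry(int64_t now, const int64_t *not_after, size_t n_certs,
                     const int64_t *next_update, size_t n_crls)
{
    int64_t expiry = now + DEFAULT_TTL_SECS;
    for (size_t i = 0; i < n_certs; i++)
        if (not_after[i] < expiry) expiry = not_after[i];
    for (size_t i = 0; i < n_crls; i++)
        if (next_update[i] < expiry) expiry = next_update[i];
    return expiry;
}

/* Insert, or refresh an existing entry for the same key. Returns 0 only if the cache is full. */
int cache_put(const char *key, int64_t now, int64_t expires)
{
    chain_cache_entry *slot = NULL;
    for (int i = 0; i < CACHE_SLOTS; i++) {
        if (cache[i].used && strcmp(cache[i].key, key) == 0) { slot = &cache[i]; break; }
        if (!slot && (!cache[i].used || cache[i].expires <= now)) slot = &cache[i];
    }
    if (!slot) return 0;
    strncpy(slot->key, key, sizeof slot->key - 1);
    slot->key[sizeof slot->key - 1] = '\0';
    slot->expires = expires;   /* new validity data replaces the old interval */
    slot->used = 1;
    return 1;
}

/* Returns 1 only while the entry is inside its computed interval. */
int cache_hit(const char *key, int64_t now)
{
    for (int i = 0; i < CACHE_SLOTS; i++)
        if (cache[i].used && strcmp(cache[i].key, key) == 0)
            return now < cache[i].expires;
    return 0;
}
```

Capping the interval this way keeps a cached "valid" result from outliving either the certificate itself or the revocation data it was checked against.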