Bug 406647
Opened 17 years ago
Closed 17 years ago
libpkix does not use user defined revocation checkers
Categories (NSS :: Libraries, defect, P2)
Tracking (Not tracked)
RESOLVED FIXED
3.12
People (Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)
Details (Whiteboard: PKIX)
Attachments (1 file, 1 obsolete file)
2.45 KB, patch | nelson: review+
pkix_Build_ValidationCheckers (pkix_build.c) does not use the revocation checker list defined by the user. Instead, it recreates the list and adds (if the revCheckDelayed flag is set) only one checker called "DefaultRevChecker".
Attachment #291300 - Flags: review?(nelson)
Updated • 17 years ago (Assignee)
Priority: -- → P2
Whiteboard: PKIX
Comment 1 • 17 years ago
Comment on attachment 291300: Prepend use defined revChecker list.

Alexei,

If I understand it correctly, this patch will have the effect that each call to this function will modify the list of revCheckers that has previously been attached to the procParams, by appending the "default rev checker" to it. Should we instead make a copy of the procParam's list of revCheckers, and append the default revchecker to that copy?

Can a caller save and re-use the list of revCheckers in multiple subsequent (or concurrent) calls? If so, the list of revcheckers will grow with each call. If the procParam's list of revCheckers CANNOT be (re)used in multiple calls, either sequentially or concurrently, then this is not a problem.
Comment 2 • 17 years ago (Assignee)
I was taking into consideration only two cases of pkix API usage: CERT_PKIXVerifyCert and cert_VerifyCertChainPkix. Both of them create new processing parameters, which implies use of a new revChecker list. For the general case it would be cleaner to copy members of the revocation list into the state revocation list, or at least duplicate the first.
Updated • 17 years ago (Assignee)
Attachment #291300 - Flags: review?(nelson)
Comment 3 • 17 years ago
Comment on attachment 291300: Prepend use defined revChecker list.

> For general case would be cleaner to copy members of the revocation list
> into the state revocation list

Yes, please do that.
Attachment #291300 - Flags: review-
Comment 4 • 17 years ago (Assignee)
Duplicating the list before using it in forward build state.
Attachment #291300 - Attachment is obsolete: true
Attachment #291917 - Flags: review?(nelson)
Comment 5 • 17 years ago
Comment on attachment 291917: Patch v2.

r=nelson
Attachment #291917 - Flags: review?(nelson) → review+
Comment 6 • 17 years ago (Assignee)
/cvsroot/mozilla/security/nss/lib/libpkix/pkix/top/pkix_build.c,v  <--  pkix_build.c
new revision: 1.15; previous revision: 1.14
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
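The list-growth concern raised in comment 1 and the duplicate-first approach agreed in comments 2 to 4, as an added example that is not the NSS patch or libpkix code. `CheckerList`, `ProcParams`, `build_shared`, `build_copied` and `reuse_params` are hypothetical stand-ins, and the sample list is constructed.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical stand-ins for illustration; not libpkix types or APIs. */
typedef struct {
    const char *items[8];
    size_t len;
} CheckerList;

typedef struct {
    CheckerList *revCheckers; /* caller-owned; may be reused across calls */
} ProcParams;

static void append(CheckerList *l, const char *name) {
    if (l->len < sizeof l->items / sizeof l->items[0])
        l->items[l->len++] = name;
}

/* Concern from comment 1: the default checker is appended to the
 * caller's own list, so the list changes on every call. */
size_t build_shared(ProcParams *p) {
    append(p->revCheckers, "DefaultRevChecker");
    return p->revCheckers->len;
}

/* Approach from comments 2-4: duplicate the list into per-build state
 * first, then append the default checker to the duplicate only. */
size_t build_copied(const ProcParams *p) {
    CheckerList state = *p->revCheckers; /* struct copy duplicates the array */
    append(&state, "DefaultRevChecker");
    return state.len;
}

/* Reuse one ProcParams for `calls` builds; return the caller's list length. */
size_t reuse_params(int copy, int calls) {
    CheckerList user = { { "UserRevChecker" }, 1 }; /* constructed sample */
    ProcParams params = { &user };
    for (int i = 0; i < calls; i++) {
        if (copy) build_copied(&params);
        else      build_shared(&params);
    }
    return user.len;
}

int main(void) {
    printf("shared list after 3 builds: %zu entries\n", reuse_params(0, 3));
    printf("copied list after 3 builds: %zu entries\n", reuse_params(1, 3));
    return 0;
}
```

With the shared list, every reuse of the same parameters adds another default checker, so each later validation runs it again; with the duplicate, the caller's list keeps only what the caller put there.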