Closed Bug 406647 Opened 17 years ago Closed 17 years ago

libpkix does not use user defined revocation checkers

Categories

(NSS :: Libraries, defect, P2)

3.12
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)

Details

(Whiteboard: PKIX)

Attachments

(1 file, 1 obsolete file)

pkix_Build_ValidationCheckers (pkix_build.c) does not use the revocation checker list defined by the user. Instead, it recreates the list and adds (if the revCheckDelayed flag is set) only one checker called "DefaultRevChecker".
Attachment #291300 - Flags: review?(nelson)
Priority: -- → P2
Whiteboard: PKIX
Comment on attachment 291300 [details] [diff] [review]
Prepend user defined revChecker list.

Alexei, if I understand it correctly, this patch will have
the effect that each call to this function will modify the 
list of revCheckers that has previously been attached to the 
procParams, by appending the "default rev checker" to it.

Should we instead make a copy of the procParam's list of 
revCheckers, and append the default revchecker to that copy?

Can a caller save and re-use the list of revCheckers in 
multiple subsequent (or concurrent) calls?

If so, the list of revcheckers will grow with each call.  
If the procParam's list of revCheckers CANNOT be (re)used 
in multiple calls, either sequentially or concurrently, 
then this is not a problem.
I was taking into consideration only two cases of PKIX API usage: CERT_PKIXVerifyCert and cert_VerifyCertChainPkix. Both of them create new processing parameters, which implies use of a new revChecker list.

For the general case it would be cleaner to copy members of the revocation list into the state revocation list or at least duplicate the first.
Attachment #291300 - Flags: review?(nelson)
Comment on attachment 291300 [details] [diff] [review]
Prepend user defined revChecker list.

> For the general case it would be cleaner to copy members of the revocation list
> into the state revocation list

Yes, please do that.
Attachment #291300 - Flags: review-
Attached patch: Patch v2.
Duplicating the list before using it in forward build state.
Attachment #291300 - Attachment is obsolete: true
Attachment #291917 - Flags: review?(nelson)
Comment on attachment 291917 [details] [diff] [review]
Patch v2.

r=nelson
Attachment #291917 - Flags: review?(nelson) → review+
/cvsroot/mozilla/security/nss/lib/libpkix/pkix/top/pkix_build.c,v  <--  pkix_build.c
new revision: 1.15; previous revision: 1.14
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
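
The aliasing concern discussed in this bug, as an added example that is not NSS or libpkix code: a toy model in which a build step either appends the default checker to the caller's list or to a private duplicate. The types checker_list and proc_params, all function names, and the "UserCrlChecker" entry are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_CHECKERS 8

typedef struct {                  /* hypothetical stand-in for a checker list */
    const char *names[MAX_CHECKERS];
    size_t count;
} checker_list;

typedef struct {                  /* hypothetical stand-in for procParams */
    checker_list rev_checkers;    /* user-defined checkers, owned by the caller */
} proc_params;

static int list_append(checker_list *l, const char *name) {
    if (l->count >= MAX_CHECKERS) return -1;   /* toy list is fixed-size */
    l->names[l->count++] = name;
    return 0;
}

/* Concern raised in review: append straight onto the caller's list. */
size_t build_in_place(proc_params *p, int rev_check_delayed) {
    checker_list *state = &p->rev_checkers;    /* aliases caller-owned state */
    if (rev_check_delayed) list_append(state, "DefaultRevChecker");
    return state->count;                       /* checkers seen by this build */
}

/* Approach of Patch v2: duplicate first, append only to the private copy. */
size_t build_with_copy(const proc_params *p, int rev_check_delayed) {
    checker_list state = p->rev_checkers;      /* struct copy acts as duplicate */
    if (rev_check_delayed) list_append(&state, "DefaultRevChecker");
    return state.count;
}

/* Reuse one params object for `calls` builds; return the caller's list length. */
size_t caller_list_after(int calls, int use_copy) {
    proc_params p = { { { "UserCrlChecker" }, 1 } };  /* constructed sample */
    for (int i = 0; i < calls; i++) {
        if (use_copy) build_with_copy(&p, 1);
        else          build_in_place(&p, 1);
    }
    return p.rev_checkers.count;
}

int main(void) {
    printf("in place: %zu, with copy: %zu\n",
           caller_list_after(3, 0), caller_list_after(3, 1));
    return 0;
}
```

With in-place appends the caller's list gains one duplicate default checker per build, so a reused parameters object runs the same revocation check repeatedly; with the copy the caller's list keeps its original length.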