Open
Bug 489347
Opened 16 years ago
Updated 1 year ago
CRL's fetched via CRL DP extension should be stored in cert DB, with the URL
Categories
(NSS :: Libraries, enhancement, P5)
NSS
Libraries
Tracking
(Not tracked)
NEW
People
(Reporter: nelson, Unassigned)
References
(Blocks 1 open bug)
Details
When a full CRL is fetched by libPKIX using a Crl DP extension URL,
it should be stored, together with its CRL, in cert DB. Perhaps this
should be optional, but since this CRL fetching is new behavior in this
release, IMO, storing in cert should be the default behavior.
This should be treated as a high priority enhancement request.
|
Reporter | |
Updated•15 years ago
|
Assignee: julien.pierre.boogz → alexei.volkov.bugs
Target Milestone: 3.12.4 → ---
|
||
Comment 2•14 years ago
|
||
Firefox cannot store the CRL in private browsing mode. And, it must be able to delete all CRLs stored within a certain time frame (e.g. the last few hours) to support "Clear Recent History." Further, Firefox Mobile must somehow manage the caching of CRLs carefully along with the caching of HTTP responses (and intermediate certificates), as we are apparently extremely constrained for disk space on Android. Also, IIRC, writes to the database result in multiple fsyncs which are a potential (and unnecessary) performance problem. For all these reasons, it might be better to have CRL storage managed by the application instead.
|
||
Comment 3•2 years ago
|
||
The bug assignee is inactive on Bugzilla, so the assignee is being reset.
Assignee: alvolkov.bgs → nobody
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Updated•1 year ago
|
Severity: S3 → N/A
Priority: -- → P5
You need to log in
before you can comment on or make changes to this bug.
Description
•