Closed Bug 532158 Opened 15 years ago Closed 14 years ago

Modify PSM to use CERT_PKIXVerifyCert for all cert verification tasks

Categories

(Core :: Security: PSM, defect)

Type: defect
Priority: Not set
Severity: normal

RESOLVED DUPLICATE of bug 479393

People

(Reporter: KaiE, Unassigned)

It has been proposed to:

Modify PSM to use CERT_PKIXVerifyCert for all cert verification tasks
(instead of using the classic APIs such as CERT_VerifyCert / CERT_VerifyCertificate*)
Assignee: kaie → nobody
Blocks: 531067
If we're going to make a change like this, we should do so in a major release like Firefox 4. PKIX gets us all kinds of good things like enforcing name constraints, and support for cross-signing of certs through which Mozilla could impose additional constraints on CAs.

There is probably some cost to this. How tested is the code? (It's been around a while, but I don't know if it has been exposed to a broad range of real-world certs.) Does it have significantly different performance than the old code?

If we're going to do it, it's already getting late.
blocking2.0: --- → ?
I think this bug is a duplicate of bug 479393. I'm marking it as such, and will copy/paste Dan's comment 1 to that bug.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
blocking2.0: ? → ---