Closed
Bug 577689
Opened 14 years ago
Closed 11 years ago
Do not store intermediate CAs in private browsing mode
Categories
(Firefox :: Private Browsing, defect)
RESOLVED DUPLICATE of bug 769288
Tracking | Status | |
---|---|---|
status2.0 | --- | ? |
People
(Reporter: ehsan.akhgari, Assigned: ehsan.akhgari)
References
Details
(Keywords: privacy, Whiteboard: [pb-paper])
Intermediate CAs downloaded in Private Mode for X.509 chain verification are still in the cert8.db after exiting Private Browsing Mode. They shouldn't be!
Comment 1•14 years ago
So, I'm not sure where the code responsible for caching lives. If one of you guys can show me where the code lives, I'm willing to write a patch! :-) Thanks!
Comment 2•14 years ago
It could be here, but not sure: http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSComponent.cpp#3231, at least see where from it gets called if you have a test case.
Comment 3•14 years ago
(In reply to comment #2)
> It could be here, but not sure:
> http://mxr.mozilla.org/mozilla-central/source/security/manager/ssl/src/nsNSSComponent.cpp#3231,
> at least see where from it gets called if you have a test case.

No, that code is for importing certs that you download as web content and with a certificate mime type.

What you want is the place where we look at certificate chains during an SSL handshake.

File nsNSSCallbacks.cpp, function AuthCertificateCallback:

```cpp
// We have found a signer cert that we want to remember.
nsCAutoString nickname;
nickname = nsNSSCertificate::defaultServerNickname(node->cert);
if (!nickname.IsEmpty()) {
  PK11SlotInfo *slot = PK11_GetInternalKeySlot();
  if (slot) {
    PK11_ImportCert(slot, node->cert, CK_INVALID_HANDLE,
                    const_cast<char*>(nickname.get()), PR_FALSE);
    PK11_FreeSlot(slot);
  }
}
```
Comment 7•11 years ago
http://hg.mozilla.org/mozilla-central/annotate/bcbe93f41547/security/manager/ssl/src/SSLServerCertVerification.cpp#l997
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
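
One way to check a profile for the leak this bug describes, as an added example that is not part of the bug thread or of Firefox: compare `certutil -L -d <profile>` listings taken before and after a private browsing session and report new entries that carry no trust flags. The listings are constructed, and treating empty trust (`,,`) as the mark of a cached intermediate is an assumption.

```python
import re

# Constructed `certutil -L` listings (not from the bug report): one taken
# before entering private browsing, one after leaving it.
BEFORE = """
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example Root CA                                              CT,C,C
Example Mail CA - Example Org                                ,,
"""

AFTER = BEFORE + """\
Example Intermediate CA G2 - Example Org                     ,,
Personal Cert for Alice                                      u,u,u
"""

# A certificate row is: nickname, two or more spaces, then three
# comma-separated trust-flag fields (each may be empty). The two header
# lines do not fit this shape and are skipped.
ROW = re.compile(r"^(?P<nick>.+?)\s{2,}(?P<trust>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)\s*$")


def parse_listing(text):
    """Return {nickname: trust_flags} for every certificate row."""
    certs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            certs[m.group("nick").strip()] = m.group("trust")
    return certs


def leaked_intermediates(before, after):
    """Nicknames added between the two listings that have no trust flags.

    Assumption: certs stored by the handshake path quoted in comment 3
    appear with empty trust (",,") because the import sets no trust bits.
    """
    old, new = parse_listing(before), parse_listing(after)
    return sorted(n for n, t in new.items() if n not in old and t == ",,")


if __name__ == "__main__":
    for nick in leaked_intermediates(BEFORE, AFTER):
        print("stored during private session:", nick)
```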