Closed Bug 679144 Opened 13 years ago Closed 8 years ago

Cert validation gets blocked by main thread because of sync XPCOM proxy / sync dispatch to main thread

Categories

(Core :: Security: PSM, defect)

defect
Not set
critical

RESOLVED DUPLICATE of bug 1137538

People

(Reporter: briansmith, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: perf)

Attachments

(1 obsolete file)

+++ This bug was initially created as a clone of Bug #679140 +++
+++ This bug was initially created as a clone of Bug #679036 +++

Currently, we call nsNSSSocketInfo::GetPreviousCert during certificate chain validation in the SSL handshake, which uses a synchronous XPCOM proxy to the main thread.in proxies in the processing of SSL errors (e.g. reporting errors). This is done because we try to avoid validating the certificate for EV (which is expensive) by grabbing the nsIX509Cert object from the DocShell associated with the socket (if any). Instead of using the DocShell as a cache, we can implement an explicit cache to avoid syncing the SSL thread on the main thread.
Summary: Remove SSL error processing on the main thread → Socket transport thread gets blocked by main thread during SSL handshake because of sync XPCOM proxy / sync dispatch to main thread
This patch removes access to the DocShell (and thus the synchronization between the SSL thread and the main thread) during the SSL handshake, by creating an explicit cache for SSL certificate EV status.
Attachment #553388 - Flags: review?(kaie)
Comment on attachment 553388
Cache SSL certificate EV status explicitly, instead of implicitly in DocShell

Isn't this patch conflicting with Attachment 562076?
Comment on attachment 553388
Cache SSL certificate EV status explicitly, instead of implicitly in DocShell

Honza, I am working on another implementation of this patch now, which will apply on top of the other XPCOM-removal patches.
Attachment #553388 - Attachment is obsolete: true
Attachment #553388 - Flags: review?(kaie)
Is this bug a dup of anything else or are there any patches that are in progress?
No longer blocks: 675221
No longer blocks: 436379
Summary: Socket transport thread gets blocked by main thread during SSL handshake because of sync XPCOM proxy / sync dispatch to main thread → Cert validation gets blocked by main thread during certificate validation because of sync XPCOM proxy / sync dispatch to main thread
Summary: Cert validation gets blocked by main thread during certificate validation because of sync XPCOM proxy / sync dispatch to main thread → Cert validation gets blocked by main thread because of sync XPCOM proxy / sync dispatch to main thread
Assignee: brian → nobody
I believe this was addressed in bug 1137538.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE