856285 - Ony use SEC_PKCS7VerifyDetachedSignatureAtTime on B2G

Status: RESOLVED INVALID

(Core :: Security: PSM, defect)

Description

[Mike Hommey [:glandium]]

Bug 834091 added SEC_PKCS7VerifyDetachedSignatureAtTime, which is not part of any NSS release. It should be made conditional to building B2G and fallback to the old code on other platforms.

Comment 1

[Mike Hommey [:glandium]]

Attachment: Ony use SEC_PKCS7VerifyDetachedSignatureAtTime on B2G

Comment 2

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

There's already a bug for adding the function to the NSS release that is waiting for review, and there's another bug for backing this code out of mozilla-aurora before it hits mozilla-beta to resolve the system NSS issue. Further, this code will be rewritten soon in a completely different way to support Firefox for Android.

The whole reason this function exists is because the old function does the wrong thing. We should have written a test to demonstrate the problem with it; if we did, then this patch would cause that test to fail.

Comment 3

[Mike Hommey [:glandium]]

(In reply to Brian Smith (:bsmith) from comment #2)
> and there's another bug for backing this code out of mozilla-aurora before it hits mozilla-beta to resolve the system NSS issue.

What is the bug number?

Comment 4

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

(In reply to Mike Hommey [:glandium] from comment #3)
> (In reply to Brian Smith (:bsmith) from comment #2)
> > and there's another bug for backing this code out of mozilla-aurora before it hits mozilla-beta to resolve the system NSS issue.
> 
> What is the bug number?

bug 853776.