873673 - Clean up certificate_status message processing in libssl

Status: RESOLVED FIXED

(NSS :: Libraries, defect, P2)

Description

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

Attachment: Clean up certificate_status message processing in libssl

(In reply to Robert Relyea from Bug #360420 comment #153)
> Comment on attachment 701823 [details] [diff] [review]
> round 36 - patch 1 of 4 - client SSL protocol code
> 
> r+ I would like a separate patch to address the ssl state macine issue, but
> lets get this clear first.
> 
> brian- my complaint is the patch dies not follow how the ssl state machine
> works today I'm sympathetic to you woories, but adding and unexpected
> methode for handling optional messages were there us already an existing
> method has even more dangers. We should not put state machine desogn changes
> in peicemeal.

This patch does that. I think it also clarifies some of the issues rsleevi found when reviewing the code when Google imported it into Chromium.

Comment 1

[Brian Smith (:briansmith, :bsmith, use NEEDINFO?)]

This isn't strictly necessary for 3.15 because it doesn't change any behavior (AFAICT). But, it might be nice to put it in 3.15 so that all the changes for the implementation of OCSP stapling land in the same release.

Comment 2

[Wan-Teh Chang]

Comment on attachment 751238 [details] [diff] [review]
Clean up certificate_status message processing in libssl

Review of attachment 751238 [details] [diff] [review]:
-----------------------------------------------------------------

r=wtc. Thanks.

Comment 3

[Wan-Teh Chang]

Attachment: Clean up certificate_status message processing in libssl, v2

I folded the long comment lines and checked this in.

https://hg.mozilla.org/projects/nss/rev/722814555d1d