Closed Bug 945855 Opened 12 years ago Closed 12 years ago

Remove the security.first_network_revocation_method pref

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla28

People

(Reporter: briansmith, Assigned: retornam)

Details

(Whiteboard: [good first bug][mentor=briansmith][good first verify])

Attachments

(1 file, 2 obsolete files)

bug945855.patch
6.39 KB, patch
briansmith
: review+
briansmith
: checkin+
Details | Diff | Splinter Review
+++ This bug was initially created as a clone of Bug #917047 +++ This preference is unnecessary. We're always going to want to try OCSP first. Note that besides removing the uses of the pref in nsNSSComponent, the corresponding argument and member variable in the CertVerifier class should be removed.
Attached patch bug945855.patch (obsolete) — Splinter Review
Attachment #8342031 - Flags: review?(brian)
Assignee: nobody → mozbugs.retornam
Comment on attachment 8342031 [details] [diff] [review] bug945855.patch Review of attachment 8342031 [details] [diff] [review]: ----------------------------------------------------------------- ::: security/manager/ssl/src/CertVerifier.cpp @@ -32,5 @@ > , mOCSPDownloadEnabled(odc == ocsp_on) > , mOCSPStrict(osc == ocsp_strict) > , mRequireRevocationInfo(arfc == any_revo_strict) > - , mCRLFirst(firstNetworkRevocationMethod != nullptr && > - !strcmp("crl", firstNetworkRevocationMethod)) Besides removing mCRLFirst, you also need to remove the use of mCRLFirst in CertVerifier::VerifyCert. ::: security/manager/ssl/src/CertVerifier.h @@ -54,5 @@ > const bool mMissingCertDownloadEnabled; > const bool mCRLDownloadEnabled; > const bool mOCSPDownloadEnabled; > const bool mOCSPStrict; > const bool mRequireRevocationInfo; You should remove mCRLFirst here too. ::: security/manager/ssl/src/nsNSSComponent.cpp @@ -1035,5 @@ > - nsCString firstNetworkRevo = > - Preferences::GetCString("security.first_network_revocation_method"); > - if (firstNetworkRevo.IsEmpty()) { > - firstNetworkRevo = FIRST_REVO_METHOD_DEFAULT; > - } This code was recently changed in bug 915937. Please do "hg pull --rebase" (assuming that you are pulling from mozilla-inbound) with your patch applied and then correct the merge conflict.
Attachment #8342031 - Flags: review?(brian) → review-
Attached patch bug945855.patch (obsolete) — Splinter Review
Attachment #8343239 - Flags: review?(brian)
Comment on attachment 8343239 [details] [diff] [review] bug945855.patch Review of attachment 8343239 [details] [diff] [review]: ----------------------------------------------------------------- Getting close. ::: security/manager/ssl/src/nsNSSComponent.cpp @@ +1014,3 @@ > if (firstNetworkRevo.IsEmpty()) { > firstNetworkRevo = "ocsp"; > } The firstNetworkRevo variable and the code that uses it needs to be removed too.
Attachment #8343239 - Flags: review?(brian) → review-
Attached patch bug945855.patchSplinter Review
Attachment #8342031 - Attachment is obsolete: true
Attachment #8343239 - Attachment is obsolete: true
Attachment #8343547 - Flags: review?(brian)
Comment on attachment 8343547 [details] [diff] [review] bug945855.patch Review of attachment 8343547 [details] [diff] [review]: ----------------------------------------------------------------- https://hg.mozilla.org/integration/mozilla-inbound/rev/61f685a6ac53
Attachment #8343547 - Flags: review?(brian)
Attachment #8343547 - Flags: review+
Attachment #8343547 - Flags: checkin+
Target Milestone: --- → mozilla28
https://hg.mozilla.org/mozilla-central/rev/61f685a6ac53
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [good first bug][mentor=briansmith] → [good first bug][mentor=briansmith][good first verify]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: