Bug 945857
Opened 11 years ago
Closed 11 years ago
Remove the security.fresh_revocation_info.require preference
Categories (Core :: Security: PSM, defect)
Tracking: RESOLVED FIXED, mozilla29
People
(Reporter: briansmith, Assigned: retornam)
Details
(Whiteboard: [good first bug][mentor=briansmith])
Attachments (2 files)
6.26 KB, patch | briansmith: review-
6.31 KB, patch | briansmith: review+
+++ This bug was initially created as a clone of Bug #917047 +++

The security.fresh_revocation_info.require preference is intended to be like security.OCSP.require, except that security.OCSP.require is only for OCSP, but security.fresh_revocation_info.require allows fallback to CRLs. This option was added when the switch to make libpkix the default cert verification library was added.

We do not need both preferences. If CRL fallback is enabled then the security.OCSP.require preference should allow CRL fallback in the libpkix code. In other words, everywhere we respect the value of security.fresh_revocation_info.require, we should use the security.OCSP.require preference instead.

Besides removing the references to this pref in nsNSSComponent, we also need to remove the corresponding constructor parameter and member variable from CertVerifier.
Updated • 11 years ago (Reporter)
Whiteboard: [good first bug] → [good first bug][mentor=briansmith]
Comment 2 • 11 years ago (Assignee)
Attachment #8345562 -
Flags: review?(brian)
Comment 3 • 11 years ago (Reporter)

Comment on attachment 8345562 bug-945857.patch

Review of attachment 8345562:
-----------------------------------------------------------------

Thanks for the patch. Just one minor issue.

::: security/manager/ssl/src/CertVerifier.cpp @@ +378,5 @@ > // avoiding the network is good, let's try local first > CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST > > // is overall revocation requirement strict or relaxed? > + | CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT;

Please change this to just:

    rev.leafTests.cert_rev_method_independent_flags =
    rev.chainTests.cert_rev_method_independent_flags =
      // avoiding the network is good, let's try local first
      CERT_REV_MI_TEST_ALL_LOCAL_INFORMATION_FIRST;

Note that CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT == 0.
Attachment #8345562 -
Flags: review?(brian) → review-
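Review bot: on the added `| CERT_REV_MI_NO_OVERALL_INFO_REQUIREMENT;` line, the context comment above it ("is overall revocation requirement strict or relaxed?") still poses a choice that the code no longer makes, so it should be removed or reworded to say that no overall requirement is set here. The bug description asks for security.OCSP.require to be used wherever the removed preference was respected; nothing in the quoted lines shows that, so a short comment or commit-message line saying where the strict case is now enforced would help the next reader of this function.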
Comment 4 • 11 years ago (Assignee)
Attachment #8345573 -
Flags: review?(brian)
Updated • 11 years ago (Reporter)
Attachment #8345573 -
Flags: review?(brian) → review+
Comment 5 • 11 years ago (Reporter)
https://hg.mozilla.org/integration/mozilla-inbound/rev/464ec8159135
Target Milestone: --- → mozilla29
Comment 6 • 11 years ago
https://hg.mozilla.org/mozilla-central/rev/464ec8159135
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED