Closed Bug 952808 Opened 6 years ago Closed 6 years ago

CERT_CacheOCSPResponseFromSideChannel does not replace an error cache entries in soft-fail mode

Categories

(NSS :: Libraries, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED
3.15.4

People

(Reporter: briansmith, Assigned: briansmith)

References

Details

(Whiteboard: [Gecko test is in bug 952876])

Attachments

(1 file)

In bug 933109 comment 25, Wan-Teh wrote:
> NOTE: the call site in CERT_CacheOCSPResponseFromSideChannel
> probably should not ignore a cached OCSP failure. I think that
> call site should pass ignoreGlobalOcspFailureSetting=PR_TRUE.
> But that is a pre-existing problem and you can ignore it in
> this bug report.
Wan-Teh, since you suggested this exact fix, and it is important to get NSS 3.15.4 finalized, I checked it in with r=wtc.
Attachment #8350961 - Flags: review?(wtc)
Attachment #8350961 - Flags: checked-in+
http://hg.mozilla.org/projects/nss/rev/22d286933c20
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
I add a test for this in Gecko's test suite in bug 952876.
Comment on attachment 8350961 [details] [diff] [review]
Make CERT_CacheOCSPResponseFromSideChannel replace error entries when a better entry is passed in

Review of attachment 8350961 [details] [diff] [review]:
-----------------------------------------------------------------

r=wtc.
Attachment #8350961 - Flags: review?(wtc) → review+
Flags: in-testsuite+
Whiteboard: [Gecko test is in bug 952876]
You need to log in before you can comment on or make changes to this bug.