Add SHA-2 support to mozilla::pkix's OCSP implementation

NEW
Unassigned

P3
normal
5 years ago
12 days ago

People

(Reporter: briansmith, Unassigned)

Tracking

Trunk
mozilla30

Details

(Whiteboard: [psm-backlog])

Attachments

(1 attachment)

1. Make sure that SHA-2 hashes work in CertID
2. Test that SHA-2 signatures are accepted.
3. Ensure that we send the preferred signature algorithm extension in our OCSP requests (http://tools.ietf.org/html/rfc6960#section-4.4.7).
Assignee: nobody → dkeeler
Status: NEW → ASSIGNED
Depends on: 915931
Priority: -- → P4
Blocks: 976961
No longer blocks: 915930
Created attachment 8390145
patch

I rebased this on top of bug 969048 since it's about to land (once bug 915932 lands and sticks, which it looks like it will), but the only conflict should be with the telemetry tests. One thing to note is that since bug 663315 hasn't been finished, sha-2 is not supported in NSS/classic verification.
Attachment #8390145 - Flags: review?(brian)
It will be a few days before I get to this. AFAICT, this is new functionality beyond the NSS-based verifier and I also want to write unit tests in bug 966856 for this.
Summary: Add SHA-2 support to insanity::pkix's OCSP implementation → Add SHA-2 support to mozilla::pkix's OCSP implementation
Blocks: 942515
Comment on attachment 8390145
patch

This has probably bit-rotted quite a bit. Clearing review until we need this.
Attachment #8390145 - Flags: review?(brian)
See Also: → bug 943624
No longer blocks: 942515
See Also: → bug 942515
David, is there any chance of this happening soon? I think it would be great if we started moving towards a world where you don't need to implement SHA-1 at all. This is the last place on, AFAICT, where SHA-1 is required, after servers upgrade to TLS 1.2 with SHA-2 based certs.
Flags: needinfo?(dkeeler)
I'll see what I can do. I agree this would be a good thing to do.
Flags: needinfo?(dkeeler)
I'm not actively working on this at the moment.
Assignee: dkeeler → nobody
Status: ASSIGNED → NEW
Whiteboard: [psm-backlog]
Priority: P4 → P3
Duplicate of this bug: 1489411
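
For item 1 of the description (SHA-2 hashes in CertID), the following added example builds the DER CertID defined in RFC 6960 with a selectable hash, so the SHA-1 and SHA-256 forms can be compared. It is not part of this bug, the attached patch, or mozilla::pkix; the function names, the hand-written DER helpers, and the sample issuer name, key bytes and serial number are constructed for illustration.

```python
import hashlib

# DER content octets of the OIDs for the hash algorithms a CertID may name.
HASH_OIDS = {
    "sha1":   bytes.fromhex("2b0e03021a"),          # 1.3.14.3.2.26
    "sha256": bytes.fromhex("608648016503040201"),  # 2.16.840.1.101.3.4.2.1
    "sha384": bytes.fromhex("608648016503040202"),  # 2.16.840.1.101.3.4.2.2
    "sha512": bytes.fromhex("608648016503040203"),  # 2.16.840.1.101.3.4.2.3
}

def tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER tag-length-value, using the long length form when needed."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def der_integer(n: int) -> bytes:
    """Encode a non-negative INTEGER; the extra high byte keeps the sign bit clear."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def build_cert_id(issuer_name_der, issuer_key_bits, serial, hash_name="sha256"):
    """Return the DER CertID (RFC 6960, section 4.1.1) for one certificate.

    issuer_name_der: DER of the issuer Name as it appears in the certificate.
    issuer_key_bits: contents of the issuer's subjectPublicKey BIT STRING,
                     without tag, length or unused-bits octet.
    """
    # NULL parameters are an encoding choice made here; absent parameters also
    # occur, so compare CertID fields after parsing rather than raw bytes.
    alg = tlv(0x30, tlv(0x06, HASH_OIDS[hash_name]) + tlv(0x05, b""))
    name_hash = hashlib.new(hash_name, issuer_name_der).digest()
    key_hash = hashlib.new(hash_name, issuer_key_bits).digest()
    return tlv(0x30, alg + tlv(0x04, name_hash) + tlv(0x04, key_hash) + der_integer(serial))

# Constructed sample input: a Name with CN="Example Test CA" and placeholder key bytes.
SAMPLE_ISSUER_NAME = tlv(0x30, tlv(0x31, tlv(0x30,
    tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"Example Test CA"))))
SAMPLE_KEY_BITS = bytes(range(65))  # not a real public key

if __name__ == "__main__":
    for h in ("sha1", "sha256"):
        cid = build_cert_id(SAMPLE_ISSUER_NAME, SAMPLE_KEY_BITS, 0x1234, h)
        print(h, len(cid), cid.hex())
```

The two CertIDs differ in the algorithm OID and in the length of both hash fields, so a responder or client that assumes 20-byte hashes will not match the SHA-256 form.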