98750 - multiple ocsp requests for one cert

Status: RESOLVED WONTFIX

(Core Graveyard :: Security: UI, defect, P2)

Description

[Christina Fu]

N6 2001090703; cms42 sp2

I set up my CMS at http://cfu to add the AIA extention for ocsp responder.  I
turned on "Use OCSP to validate only certificate that specify an ocsp service
url" on N6. I enrolled for a user cert from this ca.  Imported the cert.  Go to
Manage Certificates and "View" the certificate (which should make ONE ocsp
request).  The cert is verified, however, the ocsp counter on CMS indicates that
3 ocsp requests have been made.  I made another enrollment request for just ssl
client key usage, and "view" the cert, I noticed only 1 ocsp request has been
made.  There seems to be a relation between the number of keyusages and the
number of ocsp requests made.
rfc2560 allows even for multiple certs to be checked in one request, so PSM
should be able to do it in one.

Comment 1

[Stephane Saux]

Marking Future.  I seem to remember this issue was discussed, when Javi solved
http://bugzilla.mozilla.org/show_bug.cgi?id=87654
bug 87654.
However there was no bug filed against the multiple requests per cert.

Comment 2

[John G. Myers]

Mass reassign ssaux bugs to nobody

Comment 3

[Nelson Bolyard (seldom reads bugmail)]

Mass change "Future" target milestone to "--" on bugs that now are assigned to
nobody.  Those targets reflected the prioritization of past PSM management.
Many of these should be marked invalid or wontfix, I think.

Comment 4

[Kai Engert [:KaiE:]]

WONTFIX.

We have an OCSP cache now, so this is irrelevant.
I guess NSS might ask for OCSP more often than the bare minimum, but given that we have a cache now...