Closed
Bug 149835
Opened 23 years ago
Closed 11 years ago
CRL installation could be optimized
Categories
(Core Graveyard :: Security: UI, enhancement)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: julien.pierre, Unassigned)
References
Details
After downloading a CRL, it is fully decoded before prompting the user whether
he wishes to install it. This full decode can be very wasteful of CPU and
memory, especially with large CRLs, and is not necessary at all in case the user
declines to install the CRL.
NSS 3.6 will offer a way to do a partial decode . See bug 149816.
PSM should take advantage of this functionality .
Updated•23 years ago
|
Severity: normal → enhancement
Target Milestone: --- → Future
Reporter | ||
Comment 1•23 years ago
|
||
There is also the fact that the decoding copies the whole input. This can be
avoided with a new decode function. See bugzilla 158005.
This very simple fix can be implemented as two 1-line changes - one before
import and one at actual import, as soon as NSS 3.6 is integrated in mozilla.
Depends on: 158005
Updated•23 years ago
|
Depends on: nssclienttag36
Comment 2•22 years ago
|
||
Julien, do you want to help with the patch? What 1-lines changes should we make?
Reporter | ||
Comment 3•22 years ago
|
||
For the decode, replace
CERT_DecodeDERCrl
with
CERT_DecodeDERCrlWithFlags
And pass CRL_DECODE_SKIP_ENTRIES in the additional "options" parameter.
Also, for the import, replace :
CERTSignedCrl *
SEC_NewCrl(CERTCertDBHandle *handle, char *url, SECItem *derCrl, int type);
with
CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url,
int type, void *wincx, PRInt32 importOptions, PRArenaPool* arena, PRInt32 de
codeOptions);
Pass CRL_IMPORT_BYPASS_CHECKS in the importOptions, and CRL_DECODE_SKIP_ENTRIES
in the decodeOptions.
Comment 5•21 years ago
|
||
Mass change "Future" target milestone to "--" on bugs that now are assigned to
nobody. Those targets reflected the prioritization of past PSM management.
Many of these should be marked invalid or wontfix, I think.
Target Milestone: Future → ---
Updated•18 years ago
|
QA Contact: junruh → ui
Comment 6•11 years ago
|
||
The CRL Manager / Revocation Lists feature was removed.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INCOMPLETE
Assignee | ||
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•