Closed Bug 1689729 Opened 4 years ago Closed 4 years ago

use NSS only on the socket thread in NSSCertDBTrustDomain::GetCertTrust and FindIssuer

Categories

(Core :: Security: PSM, enhancement, P1)

Product:
Core
Component:
Security: PSM
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
87 Branch
Tracking Flags:
Tracking Status
firefox87 --- disabled
firefox88 --- disabled
firefox89 --- fixed

People

(Reporter: keeler, Assigned: keeler)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

Bug 1689729 - use NSS only on the socket thread in NSSCertDBTrustDomain::GetCertTrust and FindIssuer r?dragana!,rmf
(deleted), text/x-phabricator-request
Details

See bug 1689728. This will address NSSCertDBTrustDomain::GetCertTrust and NSSCertDBTrustDomain::FindIssuer.

See bug 1689728. To avoid contention on NSS resources and thread-safety issues,
this patch dispatches synchronous events to the socket thread in
NSSCertDBTrustDomain::GetCertTrust and FindIssuer to gather information from
NSS rather than using NSS directly on the cert verification threads.

Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/cfc0f48add00 use NSS only on the socket thread in NSSCertDBTrustDomain::GetCertTrust and FindIssuer r=rmf,dragana

https://hg.mozilla.org/mozilla-central/rev/cfc0f48add00

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox87: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 87 Branch
Regressions: 1691898

Bug 1697218 describes the regressions we are seeing on other live site tests.

We should be able to see improvements to this change reflected in Fenix nightly on this dashboard:

https://arewefastyet.com/androidPixel2/cold-page-load-live/overview?numDays=60
(The site can be really slow - that's being improved)

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: