Closed Bug 205436 Opened 22 years ago Closed 16 years ago

Enhance NSS' OCSP client to talk to responders over HTTPS

Categories

(NSS :: Libraries, enhancement, P2)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
3.12.3

People

(Reporter: wtc, Assigned: wtc)

References

(Blocks 1 open bug)

Details

It is useful to talk to an OCSP responder over HTTPS, for example, for confidentiality reasons. Right now NSS can only talk to an OCSP responder over HTTP. This may require the support of the id-pkix-ocsp-nocheck cert extension, whcih suppresses the revocation checking of the responder's cert.
QA Contact: bishakhabanerjee → jason.m.reid
Blocks: 331336
QA Contact: jason.m.reid → libraries
see also bug 92923 (duplicate?)
*** Bug 92923 has been marked as a duplicate of this bug. ***
Blocks: 157555
I reopened bug 92923 and reverted my change, I believe it's not a duplicate. This bug is about supporting OCSP to https *within* NSS. NSS has an internal http client, and might choose to enhance that to support https. Wan-Teh, you might choose to set this bug to WONTFIX, if you think the internal http client should no longer be enhanced, but people should rather solve the problem in the external http client provided by the application.
Summary: Support talking to an OCSP responder over HTTPS → Enhance NSS' OCSP client to talk to responders over HTTPS
Whiteboard: PKIX
Target Milestone: --- → 3.12
Priority: -- → P2
Target Milestone: 3.12 → 3.12.1
Removing pkix from whiteboard. This bug is not specifically about libpkix. It may be implemented as an enhancement to libpkix.
Whiteboard: PKIX
Marked the bug WONTFIX.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX
Target Milestone: 3.12.1 → 3.12.3
You need to log in before you can comment on or make changes to this bug.