Closed
Bug 532158
Opened 15 years ago
Closed 14 years ago
Modify PSM to use CERT_PKIXVerifyCert for all cert verification tasks
Categories
(Core :: Security: PSM, defect)
RESOLVED DUPLICATE of bug 479393
People
(Reporter: KaiE, Unassigned)
It has been proposed to:
Modify PSM to use CERT_PKIXVerifyCert for all cert verification tasks
(instead of using the classic APIs such as CERT_VerifyCert / CERT_VerifyCertificate*)
Comment 1•14 years ago
If we're going to make a change like this, we should do so in a major release like Firefox 4. PKIX gets us all kinds of good things like enforcing name constraints, and support for cross-signing of certs through which Mozilla could impose additional constraints on CAs.
There is probably some cost to this. How tested is the code? (It's been around a while, but I don't know if it has been exposed to a broad range of real-world certs.) Does it have significantly different performance than the old code?
If we're going to do it, it's already getting late.
blocking2.0: --- → ?
Reporter
Comment 2•14 years ago
I think this bug is a duplicate of bug 479393. I'm marking it as such, and will copy/paste Dan's comment 1 to that bug.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Updated•14 years ago
blocking2.0: ? → ---