Closed Bug 647923 Opened 14 years ago Closed 14 years ago

libPKIX should permanently store each CRLs it downloads

Categories

(NSS :: Libraries, defect)

3.12.9
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 489347

People

(Reporter: KaiE, Unassigned)

References

Details

(Whiteboard: DUPE-ME)

Attachments

(1 file)

libPKIX should permanently store each CRLs it downloads

The permanent NSS database might have limitations, and might not be able to store all variants of CRLs. (partitioned? partial?)

The PKIX should make sure it imports only those that can be managed by CRLs.
At this time it might only support "full CRLs".
Attached patch: Patch v1 - initial hack (deleted)
This patch works for me.

However, it has the following problems:

- it doesn't check whether the CRL is valid,
  doesn't check that it has a valid signature

  PSM does check that.
  Function SEC_NewCrl requires that the CRL has been checked before import.

  I wonder where PKIX is doing that check currently.
  Couldn't find it yet.

- we probably need to free the object returned by SEC_NewCrl ?
  using SEC_DestroyCrl() ?
Blocks: psm-pkix
This bug is a dupe of a much older one, IINM
Whiteboard: DUPE-ME
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
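The two gaps raised in this thread (no signature check before import, and storing only full CRLs) sketched as a gate that runs before a downloaded CRL is persisted. This is an added example, not the deleted patch or NSS code: it uses the Python `cryptography` package instead of the NSS C API, and the function names, keys and sample CRLs are constructed for illustration. Treating the Delta CRL Indicator and Issuing Distribution Point extensions as the markers of a non-full CRL is an assumption based on RFC 5280.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Extensions assumed to mark a CRL as not "full" (RFC 5280 delta / scoped CRLs).
NON_FULL = ((x509.DeltaCRLIndicator, "delta CRL"),
            (x509.IssuingDistributionPoint, "partitioned CRL"))

def crl_import_decision(der_crl, issuer_public_key):
    """Return (ok, reason) for a downloaded DER CRL before it is stored."""
    try:
        crl = x509.load_der_x509_crl(der_crl)
    except ValueError:
        return False, "unparseable"
    # Check 1: the signature must verify under the issuer's public key.
    if not crl.is_signature_valid(issuer_public_key):
        return False, "bad signature"
    # Check 2: only full CRLs may be stored; refuse delta and partitioned ones.
    for ext_class, reason in NON_FULL:
        try:
            crl.extensions.get_extension_for_class(ext_class)
        except x509.ExtensionNotFound:
            continue
        return False, reason
    return True, "full CRL, signature ok"

def make_crl(signing_key, extension=None):
    """Constructed sample input: an empty CRL signed by signing_key."""
    now = datetime.datetime(2011, 4, 1)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA")])
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(name).last_update(now)
               .next_update(now + datetime.timedelta(days=7)))
    if extension is not None:
        builder = builder.add_extension(extension, critical=True)
    crl = builder.sign(signing_key, hashes.SHA256())
    return crl.public_bytes(serialization.Encoding.DER)

# Constructed keys and extensions used to exercise the gate.
ca_key = ec.generate_private_key(ec.SECP256R1())
other_key = ec.generate_private_key(ec.SECP256R1())
DELTA_EXT = x509.DeltaCRLIndicator(1)
IDP_EXT = x509.IssuingDistributionPoint(
    full_name=None, relative_name=None, only_contains_user_certs=True,
    only_contains_ca_certs=False, only_some_reasons=None, indirect_crl=False,
    only_contains_attribute_certs=False)
```

The gate does not check `thisUpdate`/`nextUpdate` freshness or build a path to the issuer; a real import would need both.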