Closed
Bug 705265
Opened 13 years ago
Closed 13 years ago
SSLServerCertVerification::AuthCertificate invokes full validation twice
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
DUPLICATE
of bug 650307
People
(Reporter: mayhemer, Unassigned)
Details
(Keywords: perf)
During review of patch for bug 674147 I've discovered we do the full server cert verification two times:
SSLServerCertVerification::AuthCertificate (formerly AuthCertificateCallback) calls PSM_SSL_PKIX_AuthCertificate -> CERT_PKIXVerifyCert and just few lines bellow calls GetIsExtendedValidation -> getValidEVOidTag -> hasValidEVOidTag -> CERT_PKIXVerifyCert.
Call to CERT_PKIXVerifyCert invokes all OCSP requests and all the work to verify the certificate.
Not sure on the solution here, one way could be to encapsulate the verification (call to CERT_*VerifyCert) in nsNSSCertificate and let it cache the result for some time for further use.
Reporter | ||
Comment 1•13 years ago
|
||
And a side note: introduced in bug 406755, worth reading: https://bugzilla.mozilla.org/show_bug.cgi?id=406755#c61
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•