Closed Bug 705265 Opened 13 years ago Closed 13 years ago

SSLServerCertVerification::AuthCertificate invokes full validation twice

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 650307

People

(Reporter: mayhemer, Unassigned)

Details

(Keywords: perf)

During review of patch for bug 674147 I've discovered we do the full server cert verification two times: SSLServerCertVerification::AuthCertificate (formerly AuthCertificateCallback) calls PSM_SSL_PKIX_AuthCertificate -> CERT_PKIXVerifyCert and just few lines bellow calls GetIsExtendedValidation -> getValidEVOidTag -> hasValidEVOidTag -> CERT_PKIXVerifyCert. Call to CERT_PKIXVerifyCert invokes all OCSP requests and all the work to verify the certificate. Not sure on the solution here, one way could be to encapsulate the verification (call to CERT_*VerifyCert) in nsNSSCertificate and let it cache the result for some time for further use.
And a side note: introduced in bug 406755, worth reading: https://bugzilla.mozilla.org/show_bug.cgi?id=406755#c61
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.