зеркало из https://github.com/mozilla/gecko-dev.git
78b4f0d3f1
Loading an accumulated set of crlite stashes can take some time. To address this, this patch dispatches an asynchronous background task to read the accumulated set of crlite stashes in a way that doesn't block certificate verification. Of course, this means that the stash information won't necessarily be available for the first few verifications. This shouldn't be a security concern as long as the crlite filter is no more than 10 days out of date (the maximum lifespan of an OCSP response, which is what Firefox relies on currently in release). Note that currently crlite filters as published by remote settings regularly end up being more than 10 days old, which will be addressed in https://github.com/mozilla/crlite/issues/153. Note further that crlite is currently not being enforced by default on any channel, so making this change now is not a security concern. Differential Revision: https://phabricator.services.mozilla.com/D104447 |
||
|---|---|---|
| .. | ||
| apps | ||
| certverifier | ||
| ct | ||
| mac/hardenedruntime | ||
| manager | ||
| nss | ||
| sandbox | ||
| .eslintrc.js | ||
| generate_certdata.py | ||
| generate_mapfile.py | ||
| moz.build | ||
| nss.symbols | ||