зеркало из https://github.com/mozilla/gecko-dev.git
ee42c3c5ed
Before this patch, if the enterprise roots feature were enabled, nsNSSComponent would gather any such roots and temporarily import them into NSS so that CertVerifier could use them during path building and trust querying. This turned out to be problematic in part because doing so would require unlocking the user's key DB if they had a password. This patch implements a scheme whereby nsNSSComponent can give these extra roots directly to CertVerifier, thus bypassing NSS and any need to unlock/modify any DBs. This should also provide a path forward for other improvements such as not repeatedly searching through all certificates on all tokens, which has inefficiencies (see e.g. bug 1478148). Differential Revision: https://phabricator.services.mozilla.com/D18156 --HG-- extra : moz-landing-system : lando |
||
|---|---|---|
| .. | ||
| apps | ||
| certverifier | ||
| ct | ||
| manager | ||
| nss | ||
| sandbox | ||
| .eslintrc.js | ||
| generate_certdata.py | ||
| generate_mapfile.py | ||
| moz.build | ||
| nss.symbols | ||