зеркало из https://github.com/mozilla/gecko-dev.git
6ea4fb08d4
OCSP requests cannot be performed on the main thread. If we were to wait for a response from the network, we would be blocking the main thread for an unnaceptably long time. If we were to spin the event loop while waiting (which is what we do currently), other parts of the code that assume this will never happen (which is essentially all of them) can break. As of bug 867473, no certificate verification happens on the main thread, so no OCSP requests happen on the main thread. Given this, we can go ahead and prohibit such requests. Incidentally, this gives us an opportunity to improve the current OCSP implementation, which has a few drawbacks (the largest of which is that it's unclear that its ownership model is implemented correctly). This also removes OCSP GET support. Due to recent OCSP server implementations (namely, the ability to cache OCSP POST request responses), OCSP GET is not a compelling technology to pursue. Furthermore, continued support presents a maintenance burden. MozReview-Commit-ID: 4ACDY09nCBA --HG-- extra : rebase_source : 072564adf1836720e147b8250afca7cebe4dbf62 |
||
|---|---|---|
| .. | ||
| apps | ||
| certverifier | ||
| manager | ||
| nss | ||
| pkix | ||
| sandbox | ||
| .eslintrc.js | ||
| generate_certdata.py | ||
| generate_mapfile.py | ||
| moz.build | ||
| nss.symbols | ||