Comment #2 on issue 5699 by [email protected]: X509Certificate::Cache should not use a certificate's fingerprint alone as the key for its std::map.
http://code.google.com/p/chromium/issues/detail?id=5699

Dan, your CalculateFingerprint in http://codereview.chromium.org/14490/diff/412/612 also calculates the SHA-1 hash of the certificate's bytes, so it is the same as the Windows code.

NSS's CERTCertificate structure also has properties, such as the 'isperm', 'istemp', and 'slot' fields, that may differ between copies of the same certificate: http://mxr.mozilla.org/security/ident?i=CERTCertificateStr

The Windows CERT_CONTEXT structure is reference counted even though it doesn't have a refcount field. I verified that CertDuplicateCertificateContext always returns the input argument.

NSS's CERTCertificate structure is reference counted: http://mxr.mozilla.org/security/ident?i=CERT_DupCertificate

My mentioning of the OS certificate types being reference counted might have made my point unclear. My point is:

1. We throw away certificate properties/metadata if our cache uses a certificate's bytes or fingerprint as the key.
2. So we have to use OSCertHandle as the key. We need to be correct first.
3. This may lead to duplicate certificate data in the system crypto libraries if they do not cache certificates. I suspect they cache certificates because their certificate types are reference counted, but am not sure. We may also need to tweak our code to cause the system crypto libraries to use cached certificates.
4. So I'd like to make X509Certificate a thin wrapper around OSCertHandle, which requires computing the subject, issuer, valid_start_, and valid_expiry_ values in the getters.
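
Points 1 and 2 of the comment above, as an added C++ example that is not part of the original comment and is not Chromium code. FakeOSCert, both key functions and the Cache template are hypothetical, and std::hash stands in for the SHA-1 fingerprint.

```cpp
#include <functional>
#include <iostream>
#include <map>
#include <memory>
#include <string>

// Hypothetical stand-in for an OS certificate handle (not a real NSS or
// CryptoAPI type): equal bytes, but per-handle metadata may differ.
struct FakeOSCert {
  std::string der;   // certificate bytes (constructed sample)
  bool is_perm;      // modelled on the NSS 'isperm' field
  std::string slot;  // modelled on the NSS 'slot' field
};
using Handle = std::shared_ptr<FakeOSCert>;

// Key 1: a function of the bytes alone. std::hash stands in for SHA-1 here.
std::size_t KeyByFingerprint(const Handle& h) { return std::hash<std::string>{}(h->der); }
// Key 2: the handle itself.
const FakeOSCert* KeyByHandle(const Handle& h) { return h.get(); }

// Returns the cached entry for the key, inserting `h` if none exists yet.
template <typename Key, Key (*KeyOf)(const Handle&)>
class Cache {
 public:
  Handle InsertOrGet(const Handle& h) { return map_.emplace(KeyOf(h), h).first->second; }
 private:
  std::map<Key, Handle> map_;
};
using FingerprintCache = Cache<std::size_t, KeyByFingerprint>;
using HandleCache = Cache<const FakeOSCert*, KeyByHandle>;

// Caches two handles with identical bytes and different metadata, then
// reports whether the caller gets back the metadata of the handle it passed.
template <typename C>
bool SecondHandleKeepsMetadata() {
  Handle temp = std::make_shared<FakeOSCert>(FakeOSCert{"constructed-DER", false, "internal"});
  Handle perm = std::make_shared<FakeOSCert>(FakeOSCert{"constructed-DER", true, "token"});
  C cache;
  cache.InsertOrGet(temp);
  Handle got = cache.InsertOrGet(perm);  // fingerprint key returns `temp` here
  return got->is_perm == perm->is_perm && got->slot == perm->slot;
}

int main() {
  std::cout << "fingerprint key keeps metadata: " << SecondHandleKeepsMetadata<FingerprintCache>() << "\n";
  std::cout << "handle key keeps metadata:      " << SecondHandleKeepsMetadata<HandleCache>() << "\n";
}
```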
