Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecureSocket should use different certificate stores on different isolates #12491

Closed
nex3 opened this issue Aug 15, 2013 · 7 comments
Closed

SecureSocket should use different certificate stores on different isolates #12491

nex3 opened this issue Aug 15, 2013 · 7 comments
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. library-io P3 A lower priority bug or feature request type-enhancement A request for a change that isn't a bug

Comments

@nex3
Copy link
Member

nex3 commented Aug 15, 2013

According to sgjesse's comment on issue #8227, SecureSocket shares a certificate store across all isolates. This violates the principle of isolation between isolates, as well as making issue #8227 unfixable. Each isolate should have its own certificate store that's independent of that in other isolates.
@sgjesse
Copy link
Contributor

sgjesse commented Aug 19, 2013

Marked this as blocking #8227.

@sgjesse
Copy link
Contributor

sgjesse commented Aug 19, 2013

Currently NSS does not support initialization more that once, and the database is process wide. There might be some work on changing this, see https://wiki.mozilla.org/NSS_Library_Init.

Added this to the Later milestone.
Removed Priority-Unassigned label.
Added Priority-Low, Waiting labels.

@kevmoo
Copy link
Member

kevmoo commented May 14, 2014

Removed Area-IO label.
Added Library-IO, Area-Library labels.

@kasperl
Copy link

kasperl commented Jul 10, 2014

Removed this from the Later milestone.
Added Oldschool-Milestone-Later label.

@kasperl
Copy link

kasperl commented Aug 4, 2014

Removed Oldschool-Milestone-Later label.

@sgjesse
Copy link
Contributor

sgjesse commented Mar 24, 2015

We are currently working on moving from using NSS to using BoringSSL, which have more options for handling different certificate collections.

cc @whesse.
Removed Type-Defect label.
Added Type-Enhancement label.

@nex3 nex3 added Type-Enhancement P3 A lower priority bug or feature request library-io area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. labels Mar 24, 2015
@nex3 nex3 mentioned this issue Jun 4, 2015
Closed
@whesse
Copy link
Member

whesse commented Sep 2, 2015

The switch to BoringSSL has happened, and all certificates are set on a SecurityContext, which is local to a single isolate. This is in version 1.13, which is currenly on the dev channel, and will be on the stable channel in a couple of months.

@whesse whesse closed this as completed Sep 2, 2015
@kevmoo kevmoo added type-enhancement A request for a change that isn't a bug and removed type-enhancement labels Mar 1, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. library-io P3 A lower priority bug or feature request type-enhancement A request for a change that isn't a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@nex3 @kevmoo @sgjesse @kasperl @whesse