
Re: (ITS#7388) [PATCH] MozNSS: ignore certdb 'sql:' prefix when checking directory existence



jvcelak@redhat.com wrote:
> Full_Name: Jan Vcelak
> Version: git master
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/jvcelak-20120914-moznss-ignore-certdb-sql-prefix-when-checking-existence.patch
> Submission from: (NULL) (209.132.186.34)
> 
> 
> Mozilla NSS certificate database in newer SQL format could not be used with
> OpenLDAP, because the 'sql:' prefix is not removed while checking for the
> existence of the directory.
> 
> The attached patch resolves this problem.

The patch looks syntactically correct. But SQL, seriously? As if TLS
handshakes weren't slow enough already, you want to slow them down even
further by looking up certs in an SQL database?

Aside from questioning the wisdom of such an inefficient approach, there are
other philosophical problems with this patch. It seems to be just the latest
in a continuing stream of one-off patches. Are we going to get yet another
special case patch from you guys when some other new certDB type comes along?

This approach is unmaintainable and does nothing to inspire confidence in the
quality of thinking going into this code.

You're working on a security library. We expect a lot better thought to go
into these things.

> Steps to reproduce are described in Red Hat bugzilla:
> https://bugzilla.redhat.com/show_bug.cgi?id=857373
> 
> 
> The attached file is derived from OpenLDAP Software. All of the modifications to
> OpenLDAP Software represented in the following patch(es) were developed by Red
> Hat. Red Hat has not assigned rights and/or interest in this work to any party.
> I, Jan Vcelak am authorized by Red Hat, my employer, to release this work under
> the following terms. 
> 
> Red Hat hereby place the following modifications to OpenLDAP Software (and only
> these modifications) into the public domain. Hence, these modifications may be
> freely used and/or redistributed for any purpose with or without attribution
> and/or other notice. 
> 
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
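
The bug described in the quoted report, as an added example that is not the submitted patch and not OpenLDAP code: a directory-existence check that fails when the 'sql:' prefix is left on the path, next to one that strips a type prefix first. It generalizes to a small prefix table; the function names, the table contents and the sample specifications are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Type prefixes handled here: "sql:" is the one from the report, "dbm:" is
 * NSS's legacy-format prefix. The table is this example's assumption. */
static const char *const certdb_prefixes[] = { "sql:", "dbm:" };

/* Return the directory part of a certdb specification, skipping a leading
 * type prefix when one is present. */
const char *certdb_dir_part(const char *spec)
{
    size_t i, n;
    for (i = 0; i < sizeof certdb_prefixes / sizeof certdb_prefixes[0]; i++) {
        n = strlen(certdb_prefixes[i]);
        if (strncmp(spec, certdb_prefixes[i], n) == 0)
            return spec + n;
    }
    return spec;
}

/* 1 if path names an existing directory, 0 otherwise. */
static int is_directory(const char *path)
{
    struct stat st;
    return path[0] != '\0' && stat(path, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Failure mode from the report: the prefix is still attached when the
 * directory is looked up, so a valid "sql:" database is rejected. */
int certdb_exists_unstripped(const char *spec) { return is_directory(spec); }

/* Corrected check: test only the directory part. The caller still passes
 * the full specification, prefix included, on to NSS. */
int certdb_exists(const char *spec) { return is_directory(certdb_dir_part(spec)); }

int main(void)
{
    /* Constructed sample specifications. */
    const char *specs[] = { "/tmp", "sql:/tmp", "dbm:/tmp", "sql:/constructed/missing" };
    size_t i;
    for (i = 0; i < sizeof specs / sizeof specs[0]; i++)
        printf("%-26s unstripped=%d stripped=%d\n", specs[i],
               certdb_exists_unstripped(specs[i]), certdb_exists(specs[i]));
    return 0;
}
```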