-
David Keeler authored
nsIX509Cert provided the APIs getUsagesArray, requestUsagesArrayAsync, and getUsagesString. These APIs were problematic in that the synchronous ones would cause certificate verification to block the main thread and the asynchronous one was needlessly indirect in its definition (it made use of two additional special-case xpidl types) and needlessly complex in its implementation (it required nsNSSComponent to manually manage a background thread without the aid of recent improvements in that area (e.g. CryptoTask)). Furthermore, these APIs would return string descriptions of the usages the certificate in question had been verified for rather than using more concrete identifiers or values. This paradigm is usable but imprecise. The new nsIX509CertDB API asyncVerifyCertAtTime is much more expressive, enforces off-main-thread computation, and makes use of CryptoTask for a simple implementation. Using this API, previous uses of the old nsIX509Cert APIs can be replaced. As an additional benefit, this removes a ton of obsolete C++ code. MozReview-Commit-ID: KXVTcjAKehu --HG-- extra : rebase_source : 50c51f73b2b61ed0ad4dc9702cc5df470ce998bc
56d2f86c