Matt Wobensmith just completed compatibility-testing of 200k HTTPS sites and found 16 with issues. These are being investigated.
=== The Plan Implementation status ===
Some work remains on mozilla::pkix. We have broken this work into two parts: prerequisites for it to be enabled by default on Nightly, and prerequisites for it to be enabled by default on Beta and then Release. There is not enough bake time left on Nightly 30, so Nightly 31 will be the first version with this on by default.
Released in FF 31.
To turn mozilla::pkix on in Nightly, we need to:
Remaining bugs:
# Add low-level OCSP unit tests: {{Bug|916629}} (:briansmith, :st3fan)
# Test that results from the certificate database are interpreted correctly: {{Bug|966820}} (:cviecco)
# Expand EKU (extended key usage) tests: {{Bug|970470}} (:cviecco)
These items should be done by the end of next week.
To turn mozilla::pkix on in Beta/Release, we need to:
# Add backoff for OCSP requests when the responder fails: {{bug|977865}} (:keeler) [this may take a week or two]
# Enforce consistent handling of isCA bit and certSign/crlSign key usages: {{bug|970196}} (:briansmith)
# Improve error handling in VerifyEncodedOCSPResponse: {{bug|977870}} (:keeler) [code written - needs review]
# Document functions exported from the library: {{bug|968451}} (:briansmith)
These items should be done by April 28.
For more details, see the dependency trees for {{bug|915930}} and {{bug|976961}}, respectively.