(Added Proposal 4) |
(Improve section labels) |
||
| Line 72: | Line 72: | ||
===Parameter 1:=== | ===Parameter 1: Fetch revocation info ?=== | ||
Which actions are allowed that might hit the network? | Which actions are allowed that might hit the network? | ||
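Review bot: the new heading at Line 72 is phrased as a yes/no question ("Fetch revocation info ?"), but the paragraph under it asks which network-hitting actions are allowed, so the label undersells a parameter with more than two settings. Something like "Parameter 1: Which network fetches are allowed" would match the body. The space before the question mark recurs in all five new headings and can be dropped.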
| Line 94: | Line 94: | ||
===Parameter 2:=== | ===Parameter 2: Prefer OCSP or CRLs ?=== | ||
Does the caller have a preference which network actions should be preferred | Does the caller have a preference which network actions should be preferred | ||
(tried first)? | (tried first)? | ||
| Line 115: | Line 115: | ||
</pre> | </pre> | ||
===Parameter 3:=== | ===Parameter 3: Check whole chain or leaf only ?=== | ||
When verifying the chain for a cert, which parts of the chain may trigger | When verifying the chain for a cert, which parts of the chain may trigger | ||
| Line 128: | Line 128: | ||
</pre> | </pre> | ||
===Parameter 4:=== | ===Parameter 4: Fail hard or Fail soft ?=== | ||
By default, all performed tests are allowed to fail without being able to | By default, all performed tests are allowed to fail without being able to | ||
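Review bot: in the Line 128 heading, "Fail hard or Fail soft ?" capitalises "Fail" twice while the other new labels use sentence case; "Fail hard or fail soft" would be consistent. The section body opens with the default behaviour, so it may also be worth stating in the label or the first sentence which of the two the default is, since that is what a caller gets without setting anything.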
| Line 162: | Line 162: | ||
</pre> | </pre> | ||
===Parameter 5:=== | ===Parameter 5: Check only if extension present ?=== | ||
Even if a test mechanism is allowed to hit the network, it may not be possible | Even if a test mechanism is allowed to hit the network, it may not be possible | ||
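Review bot: the Line 162 heading says "Check only if extension present" without naming the extension, and the visible body line does not name it either. Naming the certificate extension in the heading or in the first sentence would let the label stand on its own in the table of contents.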
| Line 205: | Line 205: | ||
In other words: | In other words: | ||
CERT_REV_DOWNLOAD_LEAF_FAIL_SOFT | * CERT_REV_DOWNLOAD_LEAF_FAIL_SOFT implies ignore CERT_REV_SOURCE_MISSING_LEAF_* | ||
* CERT_REV_DOWNLOAD_CHAIN_FAIL_SOFT implies ignore CERT_REV_SOURCE_MISSING_CHAIN_* | |||
CERT_REV_DOWNLOAD_CHAIN_FAIL_SOFT | |||
===Official EV revocation checking=== | ===Official EV revocation checking=== | ||
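Review bot: the two rewritten bullets at Line 205 rely on the wildcards CERT_REV_SOURCE_MISSING_LEAF_* and CERT_REV_SOURCE_MISSING_CHAIN_* to say what a FAIL_SOFT flag overrides, which leaves the reader to work out the exact set of flags that are silently ignored. Because this is the point where a missing revocation source stops being treated as an error, list the affected flags by name or link to their definitions, and reword "implies ignore" as "implies that ... is ignored".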