Mozilla Company
Chitupa chekuongorora uchishandisa ekunze masevhisi zvichienderana neprotocol ichiri kushandiswa
Kuvharisa zvitupa zvakakanganisika uye kubviswa nevakuru vezvitupa, Firefox yakashandisa runyoro rwepakati kubva 2015.
Nekumisikidza, kana zvisingaite kuratidza kuburikidza neOCSP, bhurawuza rinoona chitupa chinoshanda. Iyo sevhisi inogona kunge isingawanikwe nekuda kwezvinetso zvenetiweki uye zvirambidzo pamanetiweki emukati, kana kuvharwa nevanorwisa - kunzvenga cheki yeOCSP panguva yekurwiswa kweMITM, kungovhara kupinda kune cheki sevhisi. Muchidimbu kudzivirira kurwiswa kwakadaro, nzira yakashandiswa
CRLite inokutendera kuti ubatanidze ruzivo rwakakwana nezvese zvitupa zvakabviswa muchimiro chakagadziridzwa, chete 1 MB muhukuru, izvo zvinoita kuti zvikwanise kuchengetedza yakazara CRL dhatabhesi padivi revatengi.
Iyo bhurawuza ichakwanisa kuwiriranisa kopi yayo yedata nezve zvakabviswa zvitupa zuva nezuva, uye iyi dhatabhesi ichave iripo mune chero mamiriro.
CRLite inosanganisa ruzivo kubva
Kubvisa manyepo enhema, CRLite yakaunza mamwe ekugadzirisa mafirita mazinga. Mushure mekugadzira chimiro, zvese zvinyorwa zvinyorwa zvinotsvaga uye chero nhema dzenhema dzinozivikanwa. Zvichienderana nemhedzisiro yecheki iyi, imwezve chimiro inogadzirwa, iyo inokandwa pane yekutanga uye inogadzirisa zvinokonzeresa zvenhema. Kuvhiyiwa kunodzokororwa kusvikira zviratidzo zvenhema panguva yekuongorora cheki zvakabviswa zvachose. Kazhinji, kugadzira 7-10 mitsara inokwana kuvhara zvachose data rese. Sezvo mamiriro edhatabhesi, nekuda kwekuwiriranisa nguva nenguva, inosara zvishoma kuseri kweiyo CRL mamiriro, kutarisa zvitupa zvitsva zvakaburitswa mushure mekuvandudzwa kwekupedzisira kweCRLIte dhatabhesi kunoitwa pachishandiswa OCSP protocol, kusanganisira kushandisa
Uchishandisa mafirita eBloom, chikamu chaDecember cheruzivo kubva kuWebPKI, chinovhara mamirioni zana anoshanda zvitupa uye zviuru mazana manomwe nemakumi mashanu zvitupa zvakadzorwa, zvakakwanisa kurongedzerwa muchimiro che 100 MB muhukuru. Iyo dhizaini yekugadzira maitiro yakanyanya-yakawanda-yakawanda, asi inoitwa paMozilla server uye mushandisi anopihwa yakagadzirira-yakagadziridzwa update. Semuenzaniso, mune yebhinari fomu, iyo sosi data inoshandiswa panguva yechizvarwa inoda inenge gumi nematanhatu GB yendangariro kana yachengetwa muRedis DBMS, uye mune hexadecimal fomu, kuraswa kwese serial nhamba dzechitupa kunotora anenge 750 GB. Maitiro ekuunganidza ese akabviswa uye anoshanda zvitupa anotora anenge maminetsi makumi mana, uye maitiro ekugadzira akaputirwa chimiro akavakirwa paBloom sefa anotora mamwe maminetsi makumi maviri.
Mozilla parizvino inova nechokwadi chekuti CRLite dhatabhesi inovandudzwa kana pazuva (kwete zvese zvinogadziridzwa zvinounzwa kune vatengi). Chizvarwa che delta inogadziridza haisati yaitwa - kushandiswa kwe bsdiff4, inoshandiswa kugadzira delta zvigadziriso zvekuburitswa, haipe kunyatsoshanda kweCRLIte uye zvigadziriso zvakakura zvisingaite. Kuti ubvise iyi dhizaini, zvakarongwa kugadzirisazve chimiro chechimiro chekuchengetedza kubvisa kusingakoshi kuvakazve uye kubviswa kwezvikamu.
CRLite parizvino inoshanda muFirefox mune passive mode uye inoshandiswa mukufambirana neOCSP kuunganidza nhamba nezvekushanda chaiko. CRLite inogona kuchinjirwa kuita main scan mode; kuti uite izvi, unofanirwa kuseta parameter security.pki.crlite_mode = 2 in about:config.
Source: opennet.ru