Closed Bug 221743 Opened 21 years ago Closed 21 years ago

certificate usage macro mismatch in CERT_VerifyCertificate

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: norikoyasuo, Assigned: julien.pierre)

Details

Attachments

(1 file)

fix
737 bytes, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)

Attached code is a part of CERT_VerifyCertificate.  The underlined macro is from
CERT_VerifyCert family, which is enum (certUsageSSLServer == 1); while
certificateUsage family is bit map based.  I checked it in nss3.7 as well as 3.8
and both have the same code.  Could it be certificateUsageSSLServer by any chance?

"certvfy.c"
1211 SECStatus
1212 CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert,
1213         PRBool checkSig, SECCertificateUsage requiredUsages, int64 t,
1214         void *wincx, CERTVerifyLog *log, SECCertificateUsage* returnedUsages)
1215 {
                [...]
1257
1258     /* make sure that the cert is valid at time t */
1259     allowOverride = (PRBool)((requiredUsages & certUsageSSLServer) ||
                                                    ==================
1260                              (requiredUsages &
certificateUsageSSLServerWithStepUp));
1261     validity = CERT_CheckCertValidTimes(cert, t, allowOverride);
1262     if ( validity != secCertTimeValid ) {
1263         LOG_ERROR(log,cert,0,validity);
1264         return SECFailure;
1265     }

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Noriko, I think you are right.

Julien, could you fix this?
Assignee: wchang0222 → jpierre
Status: UNCONFIRMED → NEW
Ever confirmed: true
Attached patch fixSplinter Review 

    
    

    
  
Yes, indeed there is a bug there. 

Fixed in 3.9 :

Checking in certvfy.c;
/cvsroot/mozilla/security/nss/lib/certhigh/certvfy.c,v  <--  certvfy.c
new revision: 1.37; previous revision: 1.36
done
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: