Closed
Bug 221743
Opened 21 years ago
Closed 21 years ago
certificate usage macro mismatch in CERT_VerifyCertificate
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: norikoyasuo, Assigned: julien.pierre)
Details
Attachments
(1 file)
737 bytes,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) Attached code is a part of CERT_VerifyCertificate. The underlined macro is from CERT_VerifyCert family, which is enum (certUsageSSLServer == 1); while certificateUsage family is bit map based. I checked it in nss3.7 as well as 3.8 and both have the same code. Could it be certificateUsageSSLServer by any chance? "certvfy.c" 1211 SECStatus 1212 CERT_VerifyCertificate(CERTCertDBHandle *handle, CERTCertificate *cert, 1213 PRBool checkSig, SECCertificateUsage requiredUsages, int64 t, 1214 void *wincx, CERTVerifyLog *log, SECCertificateUsage* returnedUsages) 1215 { [...] 1257 1258 /* make sure that the cert is valid at time t */ 1259 allowOverride = (PRBool)((requiredUsages & certUsageSSLServer) || ================== 1260 (requiredUsages & certificateUsageSSLServerWithStepUp)); 1261 validity = CERT_CheckCertValidTimes(cert, t, allowOverride); 1262 if ( validity != secCertTimeValid ) { 1263 LOG_ERROR(log,cert,0,validity); 1264 return SECFailure; 1265 } Reproducible: Always Steps to Reproduce: 1. 2. 3.
Comment 1•21 years ago
|
||
Noriko, I think you are right. Julien, could you fix this?
Assignee: wchang0222 → jpierre
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 2•21 years ago
|
||
Assignee | ||
Comment 3•21 years ago
|
||
Yes, indeed there is a bug there. Fixed in 3.9 : Checking in certvfy.c; /cvsroot/mozilla/security/nss/lib/certhigh/certvfy.c,v <-- certvfy.c new revision: 1.37; previous revision: 1.36 done
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•