Closed Bug 232738 Opened 21 years ago Closed 21 years ago

PKITS test 4.7.5 fails, NSS ignores non-critical Key Usage extensions

Categories

(NSS :: Libraries, defect, P2)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: nelson, Assigned: nelson)

Details

Attachments

(1 file)

RFC 3280 says that implementations MUST honor Key Usage extensions, whether
or not they are critical.  NSS ignores non-critical Key Usage extensions,
and so fails PKITS test 4.7.5.

Patch forthcoming.
Attached patch: patch v1
With this patch, NSS will no longer ignore non-critical key usage extensions.

It is POSSIBLE that some web sites and some email certs will stop working, 
because they have key usage extensions in their CA certs that say that 
their CA certs cannot be used for the purposes for which they use them.
Those formerly worked, because NSS ignored the non-critical key usage 
extension.  Now, when NSS enforces it, users whose certs never should have 
worked will stop working.  

But it's the right thing to do.
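
The behaviour change described in the comments above, as an added C example that is not the NSS patch or any NSS code; the `ex_`/`EX_` names, the struct and the sample issuers are assumptions constructed for illustration. With `strict` false a present but non-critical Key Usage extension is skipped, and with `strict` true it is enforced regardless of criticality.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names; masks follow the KeyUsage BIT STRING order in
 * RFC 3280 (bit 0 is the most significant bit of the first octet). */
#define EX_KU_KEY_CERT_SIGN 0x04u
#define EX_KU_CRL_SIGN      0x02u

typedef struct {
    const char *subject;
    bool has_key_usage;      /* extension present in the certificate */
    bool key_usage_critical; /* criticality flag of that extension */
    unsigned key_usage;      /* asserted bits, valid if has_key_usage */
} ex_cert;

/* strict == false models the behaviour the bug reports (a non-critical
 * extension is skipped); strict == true enforces any present extension.
 * An absent extension places no restriction on the key in either mode. */
static bool usage_ok(const ex_cert *c, unsigned required, bool strict)
{
    if (!c->has_key_usage)
        return true;
    if (!c->key_usage_critical && !strict)
        return true;
    return (c->key_usage & required) == required;
}

/* Index of the first issuer that may not perform `required`, or -1. */
static int first_bad_issuer(const ex_cert *cas, size_t n,
                            unsigned required, bool strict)
{
    for (size_t i = 0; i < n; i++)
        if (!usage_ok(&cas[i], required, strict))
            return (int)i;
    return -1;
}

/* Constructed sample issuers, not taken from PKITS. */
static const ex_cert sample_cas[] = {
    { "Root CA", false, false, 0 },
    { "Sub CA",  true,  false, EX_KU_KEY_CERT_SIGN }, /* non-critical */
};

int main(void)
{
    printf("ignore: %d\n", first_bad_issuer(sample_cas, 2, EX_KU_CRL_SIGN, false));
    printf("honor:  %d\n", first_bad_issuer(sample_cas, 2, EX_KU_CRL_SIGN, true));
    return 0;
}
```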
Adding potential reviewers to CC list
Status: NEW → ASSIGNED
Comment on attachment 140306
patch v1

Please review this patch after reading the bug comments.  Thanks.
Attachment #140306 - Flags: review?(jpierre)
Attachment #140306 - Flags: review?(jpierre) → review+
/cvsroot/mozilla/security/nss/lib/certdb/certv3.c,v  <--  certv3.c
new revision: 1.7; previous revision: 1.6
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Priority: -- → P2
Resolution: --- → FIXED
Target Milestone: --- → 3.10