Closed
Bug 101038
Opened 23 years ago
Closed 22 years ago
deltaCRL being treated as full CRL
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.2
People
(Reporter: cfu, Assigned: rangansen)
References
Details
This is a bug that PSM treats a deltaCRL as a full CRL. It ignores the criticality of the delta CRL extension. Here is how to reproduce: 0. get a new profile 1. to get a cert, go to http://cfu [Enrollment] [Directory] to enroll for a cert. uid="test1", password="test1". 2. to revoke the cert, go to https://cfu [Revocation] and revoke the test1 cert 3. wait 20+ minutes, go to http://cfu [Retrieval][import crl], "Display the CRL information," select "deltaCRL", you should see your cert in there. 4. go to http://cfu [Retrieval][import crl] and "Import the latest deltaCRL to your browser. when I "Manage Cerfificates" on N6, I expect to see the cert just revoked to be "verified", because N6 currently does not understand deltaCRL, and thus should detact the criticality of the extension and leave it; however, I saw the cert NOT verified, which tells me that N6 is not doing the right thing, and worse, is treating a deltaCRL as a full CRL. FYI, it has been confirmed that the binary imported into the browser indeed is a deltaCRL with "critical" bit turned on.
Reporter | ||
Comment 1•23 years ago
|
||
a few things to ponder: we could A. at download, detect the unrecognized extension, and just throw it away and tell user that it's not viable or B. allow to download, but not use it.
Comment 2•23 years ago
|
||
->rangan
Assignee: ssaux → rangansen
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P1
Target Milestone: --- → Future
Assignee | ||
Comment 3•23 years ago
|
||
Actually, NSS does not handle/support delta CRLs right now. So, what should happen is that a delta CRL should never the allowed to be imported unless they are supported [Bug# 103946]. Making this bug depend on 103946.
Depends on: 103946
Assignee | ||
Updated•23 years ago
|
Status: NEW → ASSIGNED
Target Milestone: Future → 2.2
Comment 6•22 years ago
|
||
I think this bug has been fixed because the underlying NSS bug 103946 has been fixed. NSS and PSM still don't recognize delta CRLs, but they no longer treat delta CRLs as full CRLs.
Assignee | ||
Comment 7•22 years ago
|
||
I think so - it doesn't let me download delta crls any more..
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•