Bug 1023605
Opened 10 years ago
Closed 10 years ago
mozilla::pkix should only accept Generalized times that conform to RFC 5280 section 4.1.2.5.2
Categories
(Core :: Security: PSM, defect)
RESOLVED
DUPLICATE
of bug 1043041
People
(Reporter: cviecco, Unassigned)
Details
ASN1 (ITU-T X.680) allows many types of encodings for Generalized times; however, for both certificates and OCSP responses the RFCs specify a single valid encoding.

From RFC 5280 section 4.1.2.5.2:

For the purposes of this profile, GeneralizedTime values MUST be expressed in Greenwich Mean Time (Zulu) and MUST include seconds (i.e., times are YYYYMMDDHHMMSSZ), even where the number of seconds is zero. GeneralizedTime values MUST NOT include fractional seconds.

And from RFC 6960 (OCSP) section 4.2.2.1:

Responses can contain four times -- thisUpdate, nextUpdate, producedAt, and revocationTime. The semantics of these fields are defined in Section 2.4. The format for GeneralizedTime is as specified in Section 4.1.2.5.2 of [RFC5280].

We currently accept encodings using local time and not including seconds.
Comment 1•10 years ago
This was fixed as part of the time-parsing rewrite in bug 1043041.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
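The strict check requested in the description, written out as an added example. It is not code from mozilla::pkix or from bug 1043041. The names `TimeCheck` and `CheckGeneralizedTime` are hypothetical, the input is assumed to be the GeneralizedTime content octets with the DER tag and length already removed, and seconds are assumed to be limited to 00-59.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

// Added example, not mozilla::pkix code. Input is assumed to be the content
// octets of a DER GeneralizedTime, with tag and length already stripped.
enum class TimeCheck { Ok, Malformed, MissingSeconds, FractionalSeconds, NotZulu, OutOfRange };

static int TwoDigits(const std::string& s, std::size_t pos) {
  return (s[pos] - '0') * 10 + (s[pos + 1] - '0');
}

TimeCheck CheckGeneralizedTime(const std::string& v) {
  // Count leading digits. The profile requires exactly 14: YYYYMMDDHHMMSS.
  std::size_t digits = 0;
  while (digits < v.size() && v[digits] >= '0' && v[digits] <= '9') ++digits;
  if (digits < 10 || digits > 14 || digits % 2 != 0) return TimeCheck::Malformed;
  // X.680 permits YYYYMMDDHH and YYYYMMDDHHMM; RFC 5280 does not.
  if (digits < 14) return TimeCheck::MissingSeconds;

  const std::string suffix = v.substr(14);
  if (suffix.size() > 1 && (suffix[0] == '.' || suffix[0] == ',')) {
    return TimeCheck::FractionalSeconds;  // e.g. 20140610123000.5Z
  }
  // No suffix means local time; +hhmm or -hhmm is a UTC offset. Both are
  // valid X.680 encodings that the profile forbids.
  if (suffix.empty() || suffix[0] == '+' || suffix[0] == '-') return TimeCheck::NotZulu;
  if (suffix != "Z") return TimeCheck::Malformed;

  const int year = TwoDigits(v, 0) * 100 + TwoDigits(v, 2);
  const int month = TwoDigits(v, 4), day = TwoDigits(v, 6);
  const int hour = TwoDigits(v, 8), minute = TwoDigits(v, 10), second = TwoDigits(v, 12);
  if (month < 1 || month > 12) return TimeCheck::OutOfRange;
  static const int kDays[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
  const bool leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
  const int maxDay = kDays[month - 1] + ((month == 2 && leap) ? 1 : 0);
  // Assumption: seconds are limited to 00-59 (no leap second 60).
  if (day < 1 || day > maxDay || hour > 23 || minute > 59 || second > 59) {
    return TimeCheck::OutOfRange;
  }
  return TimeCheck::Ok;
}

int main() {
  // Constructed sample values, not taken from real certificates or responses.
  const char* samples[] = {"20140610123000Z", "201406101230Z", "20140610123000"};
  for (const char* s : samples) std::printf("%s -> %d\n", s, static_cast<int>(CheckGeneralizedTime(s)));
}
```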