Closed Bug 1338194 Opened 7 years ago Closed 7 years ago

Reject ECDSA server certificates that don't include 'digitalSignature' keyUsage

Tracking

(Not tracked)

Status:

RESOLVED WONTFIX

People

(Reporter: ttaubert, Assigned: ttaubert)

Details

Tim Taubert [:ttaubert] (inactive)

Assignee

Description

•

7 years ago

This bug is about BoGo test ECDSAKeyUsage-TLS1*. When a keyUsage extension is defined for an ECDSA server certificate we should check that it contains the 'digitalSignature' bit. If a server tries to use an ECDH certificate for ssl_auth_ecdsa suites we should reject it.

Tim Taubert [:ttaubert] (inactive)

Assignee

Comment 1

•

7 years ago

https://nss-review.dev.mozaws.net/D202

Tim Taubert [:ttaubert] (inactive)

Assignee

Updated

•

7 years ago

Status: ASSIGNED → RESOLVED

Closed: 7 years ago

Resolution: --- → WONTFIX

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Reject ECDSA server certificates that don't include 'digitalSignature' keyUsage

Categories

(NSS :: Libraries, defect)

Tracking

(Not tracked)

People

(Reporter: ttaubert, Assigned: ttaubert)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated