Closed
Bug 1338194
Opened 7 years ago
Closed 7 years ago
Reject ECDSA server certificates that don't include 'digitalSignature' keyUsage
Categories
(NSS :: Libraries, defect)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: ttaubert, Assigned: ttaubert)
Details
This bug is about BoGo test ECDSAKeyUsage-TLS1*. When a keyUsage extension is defined for an ECDSA server certificate we should check that it contains the 'digitalSignature' bit. If a server tries to use an ECDH certificate for ssl_auth_ecdsa suites we should reject it.
Assignee | ||
Comment 1•7 years ago
|
||
https://nss-review.dev.mozaws.net/D202
Assignee | ||
Updated•7 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•