Bug 1338954
NSS accepts an invalid version 1 certificate with subject UID
Status: UNCONFIRMED (Open)
Opened 7 years ago, updated 6 months ago
Component: NSS :: Tools, defect, P3
Reporter: chenchu, Unassigned
Whiteboard: [nss-triage]
Attachments: 1 file (application/x-rar, 2.00 KB)
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

Steps to reproduce:

VERSIONS:
NSS Version: [3.27]
Operating System: [Ubuntu v1604-LTS x64]

REPRODUCTION STEPS:
1. Open the terminal of Ubuntu and create a certificate database:
   certutil -N -d ./
   (Note: press Enter to skip inputting a password)
2. Add a CA certificate to the new certificate database:
   certutil -A -i basicCA.pem -n ca -t "CT,C,C" -d ./
   (Note: basicCA.pem is one of the attachments)
3. Add an end entity certificate (EEC) to the new certificate database:
   certutil -A -i 5.pem -n 1 -t ",," -d ./
   (Note: 5.pem is the other attachment)
4. Verify the EEC:
   certutil -V -n 5 -d ./ -u S

Actual results:
certutil: certificate is valid

Expected results:
The certificate "5.pem" has the field "subject unique identifier". Therefore, its version should be v2 or v3, but its version is v1. Hence, it should be rejected.
The third step to reproduce should be: certutil -A -i 5.pem -n 5 -t ",," -d ./
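The consistency rule the reporter appeals to (RFC 5280 section 4.1.2.8: issuerUniqueID and subjectUniqueID MUST only appear when the version is v2 or v3) can be checked directly on the DER structure, independent of the trust decision. The following is an added example, not code from the report or from NSS; it uses only a minimal DER walker and a constructed, structurally minimal Certificate whose issuer/subject/SPKI/signature fields are empty placeholder SEQUENCEs, so it runs without the attachments.

```python
# Added example, not NSS or the reporter's code: walk a DER-encoded X.509
# Certificate and flag the inconsistency this bug describes (RFC 5280 4.1.2.8:
# issuerUniqueID/subjectUniqueID MUST only appear when version is v2 or v3).

def der_tlv(data, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def der_children(body):
    """Split a constructed element's body into its (tag, value) members."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = der_tlv(body, pos)
        out.append((tag, val))
    return out

def check_version_vs_unique_ids(cert_der):
    """Return (version, has_issuer_uid, has_subject_uid, consistent)."""
    _, cert_body, _ = der_tlv(cert_der)          # Certificate SEQUENCE
    _, tbs_body, _ = der_tlv(cert_body)          # tbsCertificate SEQUENCE
    fields = der_children(tbs_body)
    version = 1                                  # DEFAULT v1 when [0] is absent
    if fields and fields[0][0] == 0xA0:          # [0] EXPLICIT Version INTEGER (0-based)
        version = int.from_bytes(der_tlv(fields[0][1])[1], "big") + 1
    tags = {tag for tag, _ in fields}
    has_issuer_uid, has_subject_uid = 0x81 in tags, 0x82 in tags   # [1], [2] IMPLICIT
    consistent = version >= 2 or not (has_issuer_uid or has_subject_uid)
    return version, has_issuer_uid, has_subject_uid, consistent

def tlv(tag, body):
    """Encode one DER element (short or two-byte long-form length)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    return bytes([tag, 0x82]) + len(body).to_bytes(2, "big") + body

def sample_cert(version=None, subject_uid=None):
    """Constructed, structurally minimal Certificate for exercising the check:
    signature/issuer/validity/subject/SPKI are empty placeholder SEQUENCEs."""
    tbs = b""
    if version is not None:
        tbs += tlv(0xA0, tlv(0x02, bytes([version - 1])))  # [0] EXPLICIT INTEGER
    tbs += tlv(0x02, b"\x05") + tlv(0x30, b"") * 5          # serialNumber + placeholders
    if subject_uid is not None:
        tbs += tlv(0x82, b"\x00" + subject_uid)            # [2] IMPLICIT BIT STRING, 0 unused bits
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

A v1 certificate carrying a subjectUniqueID, which is the shape of "5.pem" as described, yields `consistent == False`; the same UID in a v3 certificate passes.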
Updated 2 years ago
Severity: normal → S3

Updated 6 months ago
Priority: -- → P3
Whiteboard: [nss-triage]