Closed Bug 390525 Opened 17 years ago Closed 17 years ago

libpkix treats CRL nextUpdate time as an expiration time

Categories

(NSS :: Libraries, defect, P1)

x86
Linux
defect

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 390502

People

(Reporter: stevepnscp, Assigned: alvolkov.bgs)

Details

(Whiteboard: PKIX)

pkix_pl_crl.c:
    PKIX_CRL_DEBUG("\t\tCalling DER_DecodeTimeChoice on nextUpdate\n");
    status = DER_DecodeTimeChoice(&nextUpdate, &(nssCrl->nextUpdate));
    if (status != SECSuccess) {
        PKIX_ERROR(PKIX_DERDECODETIMECHOICEFORNEXTUPDATEFAILED);
    }

This causes the CRL to be rejected. In debug builds, DER_DecodeTimeChoice
assert()s.

nextUpdate is technically OPTIONAL as far as the ASN.1 goes, but
mandatory in RFC 3280:

   This profile requires inclusion of nextUpdate in all CRLs issued by
   conforming CRL issuers.  Note that the ASN.1 syntax of TBSCertList
   describes this field as OPTIONAL, which is consistent with the ASN.1
   structure defined in [X.509].  The behavior of clients processing
   CRLs which omit nextUpdate is not specified by this profile. 

Does that make this NOTABUG?

I've run into this bug while running all.sh. I have a patch that fixes this bug.
Whiteboard: PKIX
Assignee: nobody → alexei.volkov.bugs
Priority: -- → P1
Target Milestone: --- → 3.12
Summary: libpkix treats CRL nextUpdate time as mandatory → libpkix treats CRL nextUpdate time as an expiration time
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
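
The point discussed in this bug, that nextUpdate is OPTIONAL in the ASN.1 and so a CRL parser has to cope with its absence, shown as an added example (not NSS or libpkix code): a small DER walker that reports whether a TBSCertList carries nextUpdate. The function name crl_next_update_off and the sample encodings are constructed for illustration.

```c
#include <stddef.h>
/* Constructed sample TBSCertList encodings (not taken from the bug report). */
#define ALG  0x30,0x0D,0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,0x05,0x00
#define NAME 0x30,0x0D,0x31,0x0B,0x30,0x09,0x06,0x03,0x55,0x04,0x03,0x13,0x02,'C','A'
#define T(m) 0x17,0x0D,'0','7','0',m,'0','1','0','0','0','0','0','0','Z'  /* UTCTime */
const unsigned char CRL_WITH_NEXT[] = { 0x30,0x3C, ALG, NAME, T('8'), T('9') };
const unsigned char CRL_NO_NEXT[]   = { 0x30,0x43, ALG, NAME, T('8'),  /* thisUpdate, then */
    0x30,0x14, 0x30,0x12, 0x02,0x01,0x01, T('8') };                    /* revokedCertificates */

static int is_time(int tag) { return tag == 0x17 || tag == 0x18; } /* UTC/GeneralizedTime */

/* Read one DER header at *p (bounded by end): returns tag or -1, sets *len, leaves *p on the value. */
static int der_hdr(const unsigned char **p, const unsigned char *end, size_t *len) {
    const unsigned char *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t n = *q++, cnt;
    if (n & 0x80) {                          /* long-form length */
        cnt = n & 0x7f;
        if (!cnt || cnt > sizeof n || (size_t)(end - q) < cnt) return -1;
        for (n = 0; cnt--; ) n = (n << 8) | *q++;
    }
    if ((size_t)(end - q) < n) return -1;    /* value must fit in the buffer */
    *p = q; *len = n;
    return tag;
}

/* Offset of the nextUpdate TLV in a DER TBSCertList, 0 if the field is absent
 * (valid ASN.1, outside the RFC 3280 profile), -1 if the input is malformed. */
long crl_next_update_off(const unsigned char *tbs, size_t n) {
    const unsigned char *p = tbs, *end = tbs + n, *tlv;
    size_t len;
    int tag;
    if (der_hdr(&p, end, &len) != 0x30) return -1;   /* TBSCertList SEQUENCE */
    end = p + len;                                   /* stay inside it */
    tag = der_hdr(&p, end, &len);
    if (tag == 0x02) { p += len; tag = der_hdr(&p, end, &len); } /* version, OPTIONAL */
    if (tag != 0x30) return -1;                      /* signature */
    p += len;
    if (der_hdr(&p, end, &len) != 0x30) return -1;   /* issuer */
    p += len;
    if (!is_time(der_hdr(&p, end, &len))) return -1; /* thisUpdate */
    p += len;
    if (p == end) return 0;                          /* nothing after thisUpdate */
    tlv = p;
    tag = der_hdr(&p, end, &len);
    if (is_time(tag)) return (long)(tlv - tbs);      /* nextUpdate present */
    return (tag == 0x30 || tag == 0xA0) ? 0 : -1;    /* revokedCertificates / crlExtensions */
}
```

A caller decodes the time only when the result is positive and applies its own policy when it is 0, instead of failing the whole CRL on a decode error.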