Closed Bug 403682 Opened 17 years ago Closed 17 years ago

CERT_PKIXVerifyCert never succeeds

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

(Whiteboard: PKIX NSS312B1)

Attachments

(1 file)

Patch v1
775 bytes, patch
alvolkov.bgs
: review+
Details | Diff | Splinter Review 
When attempting to verify Paypal's cert for EV, I was calling PKIX_VerifyCert.

Even when called with minimal options, the function returned a verification failure.

It turns out the implementation of PKIX_VerifyCert missed to pass on the requested usage to the context object... What an obvious and unnecessary mistake. It took me 1.5 days of tracing through libpkix internals to understand where this failed.
Assignee: nobody → kengert
Attached patch Patch v1Splinter Review 

        Attachment #288549 -
        Flags: review?(rrelyea)
Severity: normal → major
Priority: -- → P1
Whiteboard: PKIX NSS312B1
Target Milestone: --- → 3.12

    
    

    
  
Comment on attachment 288549 [details] [diff] [review]
Patch v1

r=alexei

        Attachment #288549 -
        Flags: review?(rrelyea) → review+

    
  
Summary: PKIX_VerifyCert never succeeds → CERT_PKIXVerifyCert never succeeds

    
    

    
  
fixed
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED

    
    

    
  
> What an obvious and unnecessary mistake. 

As opposed to a necessary mistake?  :)

    
    

    
  
(In reply to comment #4)
> > What an obvious and unnecessary mistake. 
> 
> As opposed to a necessary mistake?  :)

It was obvious that this function must care for the usage parameter, which we changed in the design phase to be an always-required parameter. It frustrated me to see it got silently ignored and that I wasted so much time to finding this . Sorry for ranting, I felt better afterwards :-)
I'm making mistakes, too, so I'll shut up now :-)



          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: