Closed
Bug 531160
Opened 15 years ago
Closed 12 years ago
libpkix ignores the P (trusted peer) trust flag
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 647364
3.13.3
People
(Reporter: wtc, Assigned: wtc)
Details
I created a self-signed server certificate and added it to my NSS certificate database with the "P,," trust flags. This allows CERT_VerifyCertNow to verify the certificate successfully. However, CERT_PKIXVerifyCert still fails with the SEC_ERROR_UNKNOWN_ISSUER error (-8179). I have to set the "C,," trust flags to make CERT_PKIXVerifyCert succeed, but trusting a self-signed server certificate as a CA ('C' means "trusted CA to issue server certificates") gives more trust to the certificate than necessary.
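An added example, not part of the original bug report or of NSS: a small audit that parses `certutil -L` output and lists entries whose SSL trust column grants CA trust ('C' or 'T') without being on an approved-CA list, which is the over-trust the description above is forced into. The listing, the nicknames and the `approved_cas` allowlist are constructed for illustration.

```python
import re

# SSL-column letters that grant CA trust: 'C' (trusted CA to issue server
# certificates) and 'T' (trusted CA to issue client certificates).
# 'P' (trusted peer) covers only the certificate itself.
CA_FLAGS = {"C", "T"}

# Constructed sample of `certutil -L -d <dbdir>` output; nicknames are made up.
SAMPLE_LISTING = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

intranet-selfsigned                                          P,,
staging-selfsigned                                           C,,
Example Corp Root CA                                         CT,C,C
client-identity                                              u,u,u
"""

# A nickname, whitespace, then three comma-separated trust flag groups.
ENTRY_RE = re.compile(
    r"^(?P<nick>\S.*?)\s+"
    r"(?P<ssl>[pPcCTuw]*),(?P<smime>[pPcCTuw]*),(?P<obj>[pPcCTuw]*)\s*$"
)

def parse_listing(text):
    """Return (nickname, ssl, smime, objsign) tuples, skipping header lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m["nick"], m["ssl"], m["smime"], m["obj"]))
    return entries

def over_trusted(text, approved_cas):
    """Nicknames with CA trust for SSL that are not in the approved set."""
    return [nick for nick, ssl, _smime, _obj in parse_listing(text)
            if CA_FLAGS & set(ssl) and nick not in approved_cas]

if __name__ == "__main__":
    for nick in over_trusted(SAMPLE_LISTING, {"Example Corp Root CA"}):
        print(f"{nick}: CA trust for SSL on a certificate outside the approved list")
```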
Comment 1•14 years ago
I'm using this for a specific domain's self-signed certificate. Does anyone know if the "C" flag allows the domain to sign arbitrary other domains, like gmail.com? Thanks, Nicholas
Comment 2•14 years ago
Nicholas, questions like yours should be asked in the mozilla.dev.tech.crypto newsgroup or on the dev-tech-crypto mailing list.
Comment 3•12 years ago
Marked this bug as a duplicate even though this bug was filed first. The other bug has more info.
Assignee: nobody → wtc
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
Target Milestone: --- → 3.13.3