deltaCRL being treated as full CRL

VERIFIED FIXED in psm2.2

Status

P1
normal
VERIFIED FIXED
18 years ago
2 years ago

People

(Reporter: cfu, Assigned: rangansen)

Tracking

1.0 Branch
psm2.2
x86
Windows 2000

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

18 years ago
This is a bug that PSM treats a deltaCRL as a full CRL.  It ignores the
criticality of the delta CRL extension.
Here is how to reproduce:
0. get a new profile
1. to get a cert, go to http://cfu [Enrollment] [Directory] to enroll for a
cert. uid="test1", password="test1".
2. to revoke the cert, go to https://cfu [Revocation] and revoke the test1 cert
3. wait 20+ minutes, go to http://cfu [Retrieval][import crl], "Display the CRL
information," select "deltaCRL", you should see your cert in there.
4. go to http://cfu [Retrieval][import crl] and "Import the latest deltaCRL to
your browser."

When I "Manage Certificates" on N6, I expect to see the cert just revoked to be
"verified", because N6 currently does not understand deltaCRL, and thus should
detect the criticality of the extension and leave it; however, I saw the cert
NOT verified, which tells me that N6 is not doing the right thing, and worse, is
treating a deltaCRL as a full CRL.

FYI, it has been confirmed that the binary imported into the browser indeed is a
deltaCRL with "critical" bit turned on.
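
The behaviour the report expects (a CRL carrying a critical extension the client does not understand must not be used), as an added example that is not part of the original report and is not NSS or PSM code. It walks a DER-encoded CRL extensions list; the helper names, the `SUPPORTED` set and the sample bytes are constructed for illustration.

```python
# Added example: hypothetical verifier policy and constructed sample data.
SUPPORTED = {"2.5.29.20", "2.5.29.35"}   # cRLNumber, authorityKeyIdentifier

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode OID content bytes to dotted form (sufficient for id-ce OIDs)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # last byte of this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def parse_extensions(der):
    """Return [(oid, critical)]; critical is DEFAULT FALSE, so absent = False."""
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    found, pos = [], 0
    while pos < len(seq):
        _, ext_body, pos = read_tlv(seq, pos)
        _, oid, nxt = read_tlv(ext_body, 0)
        tag, val, _ = read_tlv(ext_body, nxt)
        found.append((decode_oid(oid), tag == 0x01 and val != b"\x00"))
    return found

def unsupported_critical(der):
    """OIDs of critical extensions not in SUPPORTED; non-empty = reject CRL."""
    return [o for o, crit in parse_extensions(der) if crit and o not in SUPPORTED]

def tlv(tag, body):                        # sample-data encoder, short lengths only
    return bytes([tag, len(body)]) + body
def ext(oid, critical, value):
    crit = tlv(0x01, b"\xff") if critical else b""
    return tlv(0x30, tlv(0x06, oid) + crit + tlv(0x04, value))

CRL_NUMBER = ext(b"\x55\x1d\x14", False, tlv(0x02, b"\x07"))   # 2.5.29.20
DELTA_IND = ext(b"\x55\x1d\x1b", True, tlv(0x02, b"\x05"))     # 2.5.29.27, critical
FULL_CRL_EXTS = tlv(0x30, CRL_NUMBER)
DELTA_CRL_EXTS = tlv(0x30, CRL_NUMBER + DELTA_IND)
```

A client that does not implement delta CRLs leaves the deltaCRLIndicator OID (2.5.29.27) out of `SUPPORTED`, so `unsupported_critical(DELTA_CRL_EXTS)` is non-empty and the CRL is refused rather than applied as a full CRL.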
(Reporter)

Comment 1

18 years ago
a few things to ponder:
we could
A. at download, detect the unrecognized extension, and just throw it away and
tell user that it's not viable
or
B. allow to download, but not use it.

Comment 2

18 years ago
->rangan
Assignee: ssaux → rangansen
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P1
Target Milestone: --- → Future
(Assignee)

Comment 3

17 years ago
Actually, NSS does not handle/support delta CRLs right now. So, what should
happen is that a delta CRL should never be allowed to be imported unless they
are supported [Bug# 103946]. Making this bug depend on 103946.
Depends on: 103946
(Assignee)

Comment 4

17 years ago
*** Bug 95640 has been marked as a duplicate of this bug. ***
(Assignee)

Updated

17 years ago
Status: NEW → ASSIGNED
Target Milestone: Future → 2.2
(Assignee)

Comment 5

17 years ago
*** Bug 95469 has been marked as a duplicate of this bug. ***

Comment 6

17 years ago
I think this bug has been fixed because the underlying NSS
bug 103946 has been fixed.

NSS and PSM still don't recognize delta CRLs, but they no
longer treat delta CRLs as full CRLs.
(Assignee)

Comment 7

17 years ago
I think so - it doesn't let me download delta crls any more..
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED

Comment 8

17 years ago
*** Bug 95641 has been marked as a duplicate of this bug. ***

Comment 9

17 years ago
Verified.
Status: RESOLVED → VERIFIED

Updated

14 years ago
Component: Security: UI → Security: UI
Product: PSM → Core

Updated

11 years ago
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard