Closed Bug 101038 Opened 24 years ago Closed 23 years ago

deltaCRL being treated as full CRL

Categories

(Core Graveyard :: Security: UI, defect, P1)

Product:
Core Graveyard
Component:
Security: UI
Version:
1.0 Branch
Platform:
x86
Windows 2000
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
psm2.2

People

(Reporter: cfu, Assigned: rangansen)

References

Details

This is a bug that PSM treats a deltaCRL as a full CRL. It ignores the criticality of the delta CRL extension. Here is how to reproduce: 0. get a new profile 1. to get a cert, go to http://cfu [Enrollment] [Directory] to enroll for a cert. uid="test1", password="test1". 2. to revoke the cert, go to https://cfu [Revocation] and revoke the test1 cert 3. wait 20+ minutes, go to http://cfu [Retrieval][import crl], "Display the CRL information," select "deltaCRL", you should see your cert in there. 4. go to http://cfu [Retrieval][import crl] and "Import the latest deltaCRL to your browser. when I "Manage Cerfificates" on N6, I expect to see the cert just revoked to be "verified", because N6 currently does not understand deltaCRL, and thus should detact the criticality of the extension and leave it; however, I saw the cert NOT verified, which tells me that N6 is not doing the right thing, and worse, is treating a deltaCRL as a full CRL. FYI, it has been confirmed that the binary imported into the browser indeed is a deltaCRL with "critical" bit turned on.
a few things to ponder: we could A. at download, detect the unrecognized extension, and just throw it away and tell user that it's not viable or B. allow to download, but not use it.
->rangan
Assignee: ssaux → rangansen
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P1
Target Milestone: --- → Future
Actually, NSS does not handle/support delta CRLs right now. So, what should happen is that a delta CRL should never the allowed to be imported unless they are supported [Bug# 103946]. Making this bug depend on 103946.
Depends on: 103946
*** Bug 95640 has been marked as a duplicate of this bug. ***
Status: NEW → ASSIGNED
Target Milestone: Future → 2.2
*** Bug 95469 has been marked as a duplicate of this bug. ***
I think this bug has been fixed because the underlying NSS bug 103946 has been fixed. NSS and PSM still don't recognize delta CRLs, but they no longer treat delta CRLs as full CRLs.
I think so - it doesn't let me download delta crls any more..
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
*** Bug 95641 has been marked as a duplicate of this bug. ***
Verified.
Status: RESOLVED → VERIFIED
Product: PSM → Core
Version: psm2.1 → 1.0 Branch
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.