mozilla::pkix should only accept Generalized times that conform to RFC 5280 section 4.1.2.5.2

RESOLVED DUPLICATE of bug 1043041

Core
Security: PSM
(Reporter: cviecco, Unassigned)

Description

ASN.1 (ITU-T X.680) allows many types of encodings for Generalized times; however, for both certificates and OCSP responses the RFCs specify a single valid encoding. From RFC 5280 section 4.1.2.5.2:

   For the purposes of this profile, GeneralizedTime values MUST be
   expressed in Greenwich Mean Time (Zulu) and MUST include seconds
   (i.e., times are YYYYMMDDHHMMSSZ), even where the number of seconds
   is zero.  GeneralizedTime values MUST NOT include fractional seconds.

And from RFC 6960 (OCSP) section 4.2.2.1:

   Responses can contain four times -- thisUpdate, nextUpdate,
   producedAt, and revocationTime.  The semantics of these fields are
   defined in Section 2.4.  The format for GeneralizedTime is as
   specified in Section 4.1.2.5.2 of [RFC5280].

We currently accept encodings using local time and not including seconds.

This was fixed as part of the time-parsing rewrite in bug 1043041.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1043041
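
As an added illustration of the restriction quoted in the description (this is not mozilla::pkix code and not the fix from bug 1043041), a strict check for the single RFC 5280 form could look like the following. The function names are hypothetical, and the input is assumed to be the GeneralizedTime content octets with tag and length already removed.

```cpp
#include <cstddef>
#include <string>

// Hypothetical helper: read two ASCII digits starting at s[pos].
static bool TwoDigits(const std::string& s, std::size_t pos, int& out) {
  char a = s[pos], b = s[pos + 1];
  if (a < '0' || a > '9' || b < '0' || b > '9') return false;
  out = (a - '0') * 10 + (b - '0');
  return true;
}

static int DaysInMonth(int year, int month) {
  static const int kDays[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
  bool leap = (year % 4 == 0 && year % 100 != 0) || year % 400 == 0;
  return (month == 2 && leap) ? 29 : kDays[month - 1];
}

// Returns true only for the RFC 5280 section 4.1.2.5.2 form YYYYMMDDHHMMSSZ.
bool IsRfc5280GeneralizedTime(const std::string& value) {
  // Exactly 15 octets: rejects missing seconds ("YYYYMMDDHHMMZ"),
  // fractional seconds, and "+hhmm"/"-hhmm" offsets.
  if (value.size() != 15) return false;
  // Must end in 'Z' (Zulu): rejects local time, which carries no suffix.
  if (value[14] != 'Z') return false;
  int yearHi, yearLo, month, day, hour, minute, second;
  if (!TwoDigits(value, 0, yearHi) || !TwoDigits(value, 2, yearLo) ||
      !TwoDigits(value, 4, month) || !TwoDigits(value, 6, day) ||
      !TwoDigits(value, 8, hour) || !TwoDigits(value, 10, minute) ||
      !TwoDigits(value, 12, second)) {
    return false;
  }
  int year = yearHi * 100 + yearLo;
  if (month < 1 || month > 12) return false;
  if (day < 1 || day > DaysInMonth(year, month)) return false;
  // Assumption of this sketch: seconds are capped at 59 (no leap second).
  return hour <= 23 && minute <= 59 && second <= 59;
}
```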