Closed
Bug 1249155
Opened 8 years ago
Closed 4 months ago
Unprocessed Parameter CERT_PKIXVerifyCert
Categories
(NSS :: Build, defect, P3)
Tracking
(Not tracked)
RESOLVED
INACTIVE
People
(Reporter: ermenegildo.carrisi, Unassigned)
Details
(Whiteboard: [nss-qm])
What did you do?
================
Trying to use CERT_PKIXVerifyCert to validate a certificate chain. Looking at the possible type/value pairs in CertValInParam, I see cert_pi_certList (http://mxr.mozilla.org/security/source/security/nss/lib/certdb/certt.h#898), which could be used to provide a certificate chain. So I set the type/value pair in the CertValInParam array (code: http://pastebin.com/4BQsinXM where parse_cert is a function which returns a CERTCertificate and is working correctly).

What happened?
==============
I get error -8187, SEC_ERROR_INVALID_ARGS.

What should have happened?
==========================
Accepting Argument without raising error

Is there anything else we should know?
======================================
I tried to investigate what happened by looking at the source code, and I found something likely to be wrong here (http://mxr.mozilla.org/security/source/security/nss/lib/certhigh/certvfypkix.c#1509). Indeed, there is a switch on the type of the CertValInParam parameter (which is an element of the input array to CERT_PKIXVerifyCert), and cert_pi_certList does not have an associated case. Hence, the default case is matched, which sets error SEC_ERROR_INVALID_ARGS and returns a failure. Hence, it seems this type/value pair cannot be used without raising the aforementioned error. And I claim that it's probably not the only type with this issue: cert_pi_keyusage also isn't checked in that switch, and should lead to the same error (even if I haven't tried it as an input).
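The failure mode reported above, as an added example that is not NSS code and not from the reporter: a self-contained model of a parameter dispatcher whose `default` case rejects the whole call, plus a pre-flight scan that names the offending array entry. The `demo_*` names, the `DEMO_PI_*` enum and the choice of which types have a case are assumptions made for the model; only the two unhandled types and the error value come from the report.

```c
#include <stdio.h>

/* Stand-in for the NSS input parameter type. Names and the handled set are
 * assumptions for this model, not copied from certt.h or certvfypkix.c. */
typedef enum {
    DEMO_PI_END = 0,        /* array terminator */
    DEMO_PI_DATE,           /* assumed: has a case in the switch */
    DEMO_PI_TRUST_ANCHORS,  /* assumed: has a case in the switch */
    DEMO_PI_CERT_LIST,      /* per the report: no case */
    DEMO_PI_KEY_USAGE       /* per the report: no case */
} demo_param_type;

typedef struct { demo_param_type type; const void *value; } demo_in_param;

#define DEMO_ERR_INVALID_ARGS (-8187) /* error value quoted in the report */

/* Constructed sample inputs. */
const demo_in_param demo_sample_ok[] = {
    { DEMO_PI_DATE, 0 }, { DEMO_PI_TRUST_ANCHORS, 0 }, { DEMO_PI_END, 0 } };
const demo_in_param demo_sample_chain[] = {
    { DEMO_PI_DATE, 0 }, { DEMO_PI_CERT_LIST, 0 }, { DEMO_PI_END, 0 } };
const demo_in_param demo_sample_keyusage[] = {
    { DEMO_PI_KEY_USAGE, 0 }, { DEMO_PI_TRUST_ANCHORS, 0 }, { DEMO_PI_END, 0 } };

/* Dispatch as described in the report: types with a case are consumed,
 * anything else reaches default and is reported as an invalid argument. */
static int demo_set_param(const demo_in_param *p)
{
    switch (p->type) {
    case DEMO_PI_DATE:
    case DEMO_PI_TRUST_ANCHORS:
        return 0;
    default:
        return DEMO_ERR_INVALID_ARGS;
    }
}

/* Pre-flight scan: index of the first entry the dispatcher rejects, or -1. */
int demo_first_rejected(const demo_in_param *params)
{
    for (int i = 0; params[i].type != DEMO_PI_END; i++)
        if (demo_set_param(&params[i]) != 0)
            return i;
    return -1;
}

/* Whole-call result: one rejected entry fails every parameter in the array. */
int demo_verify_params(const demo_in_param *params)
{
    return demo_first_rejected(params) < 0 ? 0 : DEMO_ERR_INVALID_ARGS;
}

int main(void)
{
    printf("chain sample: rc=%d, rejected index=%d\n",
           demo_verify_params(demo_sample_chain),
           demo_first_rejected(demo_sample_chain));
    return 0;
}
```

The scan returns the position of the entry, which the single error code alone does not reveal to the caller.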
Updated 8 years ago (Reporter)
Component: API → Build
OS: Other → Linux
Product: Mozilla Developer Network → NSS
Hardware: All → x86_64
Version: unspecified → 3.21

Updated 8 years ago (Reporter)
Priority: -- → P3

Updated 3 years ago
Whiteboard: [specification][type:bug] → [nss-qm]

Updated 2 years ago
Severity: normal → S3

Updated 4 months ago
Status: UNCONFIRMED → RESOLVED
Closed: 4 months ago
Resolution: --- → INACTIVE