Open Bug 1256073 Opened 9 years ago Updated 3 years ago

disallow matching UTF8String with PrintableString in distinguished name comparisons as per RFC 5280 section 4.2.1.10

Categories

(Core :: Security: PSM, defect, P3)

People

(Reporter: keeler, Unassigned)

Details

(Whiteboard: [psm-backlog])

In bug 1150114, we added a compatibility workaround to mozilla::pkix whereby when matching two distinguished names, if one name's string type was UTF8String and the other was PrintableString, they were considered to match if their contents were the same. This is counter to RFC 5280 section 4.2.1.10. The goal is to remove this workaround by requiring that certificates subject to the baseline requirements with a validity period beginning after a certain date match string types exactly to be considered equal.
Assignee: nobody → dkeeler
Whiteboard: [psm-assigned]
Assignee: dkeeler → nobody
Priority: -- → P3
Whiteboard: [psm-assigned] → [psm-backlog]
Severity: normal → S3
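The comparison rule this bug describes, sketched as an added example (not code from the bug or from mozilla::pkix): attribute values with identical content but different string types match only through the UTF8String/PrintableString workaround, and only for certificates whose validity period begins on or before a cutoff. All type and function names, the `strictAfter` parameter and the sample bytes are assumptions made for the example; the bug does not state a cutoff date.

```cpp
#include <cstdint>
#include <ctime>
#include <vector>

// ASN.1 universal tag numbers for the two string types named in the bug.
constexpr uint8_t kUtf8String = 0x0C;
constexpr uint8_t kPrintableString = 0x13;

// One DER AttributeValue split into tag and content (hypothetical type).
struct AttributeValue {
  uint8_t tag;
  std::vector<uint8_t> content;
};

// Constructed samples: "Test" encoded as UTF8String and as PrintableString.
const std::vector<uint8_t> kSampleUtf8 = {0x0C, 0x04, 'T', 'e', 's', 't'};
const std::vector<uint8_t> kSamplePrintable = {0x13, 0x04, 'T', 'e', 's', 't'};

// Parses a short-form DER TLV (length < 128); false on malformed input.
bool ParseAttributeValue(const std::vector<uint8_t>& der, AttributeValue& out) {
  if (der.size() < 2 || (der[1] & 0x80) != 0) return false;  // no long form
  if (der.size() != 2u + der[1]) return false;  // truncated or trailing bytes
  out.tag = der[0];
  out.content.assign(der.begin() + 2, der.end());
  return true;
}

bool IsUtf8PrintablePair(uint8_t a, uint8_t b) {
  return (a == kUtf8String && b == kPrintableString) ||
         (a == kPrintableString && b == kUtf8String);
}

// notBefore: start of the certificate's validity period.
// strictAfter: hypothetical cutoff; certificates whose validity begins
// after it must match string types exactly. Content is compared byte for
// byte, following the bug's "contents were the same".
bool AttributeValuesMatch(const AttributeValue& a, const AttributeValue& b,
                          std::time_t notBefore, std::time_t strictAfter) {
  if (a.content != b.content) return false;
  if (a.tag == b.tag) return true;
  // Tags differ: only the compatibility workaround can accept this pair,
  // and only for certificates that predate the cutoff.
  return notBefore <= strictAfter && IsUtf8PrintablePair(a.tag, b.tag);
}
```
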