Closed Bug 126653 Opened 23 years ago Closed 22 years ago

NSS3.4 USPS cert in Web Site certs by default

Categories

(Core Graveyard :: Security: UI, defect, P1)

1.0 Branch
x86
Windows 2000
defect

Tracking

(Not tracked)

VERIFIED FIXED
psm2.2

People

(Reporter: junruh, Assigned: ssaux)

Attachments

(1 file)

1.) Create a new profile and start the browser.
2.) Open the Cert Manager and Web Sites tab.
What happens: The US Post Office cert appears.
What is expected: No cert should be there in a new profile. 2/20 Win2000 trunk.
cc relyea and wtc.  Since this behavior wasn't present pre NSS3.4, I suspect
that 3.4 has something to do with it.
Priority: -- → P1
Summary: USPS cert in Web Site certs by default → NSS3.4 USPS cert in Web Site certs by default
Target Milestone: --- → 2.2
This is still occurring in Build ID 2002022503
Ian, is this cert new?

bob
I presume the cert is "USPS Production 1".  This cert is not at all new.  It is
an intermediate CA cert issued by "USPS Root".  It should not be default
trusted, as it is not a root.  What it should be marked as is "valid CA", so
that it shows up as untrusted in the CA list (previously, it was marked as
untrusted, so it didn't show up; the customer did not like that).  However, it
is marked as "valid peer", causing it to show up in the web sites tab.  I don't
know why this showed up in 3.4, but the builtin entry is marked incorrectly at
any rate.
Patch checked in.  Will have to wait for next PSM update.
Ian, doesn't the trust flag "valid CA" imply that it's trusted?
I agree with your comment that intermediate CAs should not be marked
as trusted.  Does the change you made cause this CA to be trusted now?
No.  "valid" is equivalent to "c,c,c", "Trusted" is equivalent to "C,C,C".
No. Trusted CA means it's trusted, Valid CA means simply that it is a CA.
Blocks: 128593
Comment on attachment 71911 [details] [diff] [review]
trust USPS Production 1 as valid CA

I checked Ian's patch into the NSS_CLIENT_TAG of NSS.
I think this bug can be marked fixed now.
Marking fixed as wtc suggested.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Verified that the USPS Production 1 CA appears now in the authorities tab and 
not the web sites tab. The CA is also NOT trusted. Please open a new bug if that 
is not correct.
Status: RESOLVED → VERIFIED
It is correct that the USPS Production 1 CA is NOT trusted.

Product: PSM → Core
Version: psm2.2 → 1.0 Branch
Product: Core → Core Graveyard
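
The trust-flag distinction discussed in the comments, as an added example that is not part of the bug thread or of NSS itself: the Python below parses certutil-style trust strings and flags a CA cert that carries a peer flag and a non-root CA that carries a trusted flag. The `Entry` fields, the finding names and the sample entries are assumptions constructed for illustration; only the strings "c,c,c" and "C,C,C" come from the thread.

```python
from dataclasses import dataclass

# NSS certutil trust letters: p valid peer, P trusted peer, c valid CA,
# C trusted CA (server certs), T trusted CA (client certs), u user, w warn.
KNOWN = set("pPcCTuw")
IMPLIES = {"P": "p", "C": "c", "T": "c"}  # a trusted flag implies the valid one

@dataclass
class Entry:              # hypothetical record type for this example
    nickname: str
    trust: str            # "SSL,email,object signing", e.g. "c,c,c"
    is_ca: bool           # assumed known from the cert's basic constraints
    is_root: bool         # assumed known: self-signed root or not

def parse_trust(trust):
    """Split a trust string into three flag sets, adding implied flags."""
    fields = trust.split(",")
    if len(fields) != 3:
        raise ValueError(f"need three comma-separated fields: {trust!r}")
    parsed = []
    for field in fields:
        flags = set(field)
        if flags - KNOWN:
            raise ValueError(f"unknown trust flag in {trust!r}")
        parsed.append(flags | {IMPLIES[f] for f in flags if f in IMPLIES})
    return parsed

def audit(entry):
    """Return findings for the two mistakes discussed in the thread."""
    flags = set().union(*parse_trust(entry.trust))
    findings = []
    if entry.is_ca and "p" in flags:
        findings.append("ca-marked-as-peer")        # listed as a web site cert
    if entry.is_ca and not entry.is_root and flags & set("CTP"):
        findings.append("non-root-ca-trusted")      # intermediate trusted by default
    return findings

# Constructed sample entries; only "c,c,c" and "C,C,C" appear in the thread.
SAMPLES = [
    Entry("USPS Production 1 (peer flags, constructed)", "p,p,p", True, False),
    Entry("USPS Production 1 (valid CA)", "c,c,c", True, False),
    Entry("Example Intermediate (constructed)", "C,C,C", True, False),
    Entry("Example Root (constructed)", "C,C,C", True, True),
]

if __name__ == "__main__":
    for e in SAMPLES:
        print(f"{e.nickname:45} {e.trust:6} {audit(e) or 'ok'}")
```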