2.00 KB, application/x-rar
Created attachment 8836548 [details] The attached RAR file contains basicCA.pem and 5.pem. User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 Steps to reproduce: VERSIONS: NSS Version: [3.27] Operating System: [Ubuntu v1604-LTS x64] REPRODUCTION STEPS: 1. Open the terminal of Unbuntu and create a certificate database: certutil -N -d ./ (Note: press Enter to skip inputing password) 2. Add a CA certificate to the new certificate database: certutil -A -i basicCA.pem -n ca -t "CT,C,C" -d ./ (Note: basiceCa.pem is one of attachements) 3. Add a end entity certificate (EEC) to the the new certificate database: certutil -A -i 5.pem -n 1 -t ",," -d ./ (Note: 5.pem is another of attachements) 4. Verify the EEC: certutil -V -n 5 -d ./ -u S Actual results: certutil: certificate is valid Expected results: As for the certificate "5.pem", it has the field "subject unique identifier". Therefore, its version should be v2 or v3 but its version is v1. Hence, it should be rejected.
The third step to reproduce should be: certutil -A -i 5.pem -n 5 -t ",," -d ./
You need to log in before you can comment on or make changes to this bug.