Open Bug 1338956 Opened 7 years ago Updated 6 months ago

NSS accepts a version 2 certificate with issuer UID and extensions

Categories

(NSS :: Tools, defect, P3)

3.27
x86_64
Linux

Tracking

(Not tracked)

UNCONFIRMED

People

(Reporter: chenchu, Unassigned)

Details

(Whiteboard: [nss-triage])

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

Steps to reproduce:

VERSIONS:
		NSS Version: [3.27]
		Operating System: [Ubuntu v1604-LTS x64] 

	REPRODUCTION STEPS:
	  1. Open the terminal of Ubuntu and create a certificate database:
		 certutil -N -d ./
		 (Note: press Enter to skip inputting a password)
	  2. Add a CA certificate to the new certificate database:
		 certutil -A -i basicCA.pem -n ca -t "CT,C,C" -d ./
		 (Note: basicCA.pem is one of the attachments)
	  3. Add an end entity certificate (EEC) to the new certificate database:
		 certutil -A -i 7.pem -n 7 -t ",," -d ./
		 (Note: 7.pem is another one of the attachments)
	  4. Verify the EEC:
		 certutil -V -n 7 -d ./ -u S


Actual results:

certutil: certificate is valid


Expected results:

As for the certificate "7.pem", it has the field "issuer unique identifier" and extensions. Therefore, its version should be v3 but its version is v2. Hence, it should be rejected.
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
Summary: NSS accepts a version 2 certificate with subject UID and extensions → NSS accepts a version 2 certificate with issuer UID and extensions
Severity: normal → S3
Priority: -- → P3
Whiteboard: [nss-triage]
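
The version constraint at issue is defined in RFC 5280 section 4.1: issuerUniqueID and subjectUniqueID may appear only when the version is v2 or v3, and extensions only when it is v3. The check below is an added example, not part of the bug report and not NSS code; it assumes a DER-encoded certificate, its function names are hypothetical, and its input is a constructed structural skeleton rather than the attached 7.pem.

```python
# Added example: RFC 5280 section 4.1 version/field consistency check.
# Minimal DER walker; inspects only the top-level tags of TBSCertificate.

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def version_field_errors(cert_der):
    """List RFC 5280 violations between the version and the optional fields."""
    tag, cert, _ = read_tlv(cert_der)
    tbs_tag, tbs, _ = read_tlv(cert)
    if tag != 0x30 or tbs_tag != 0x30:
        raise ValueError("not a Certificate SEQUENCE")
    fields, pos = [], 0
    while pos < len(tbs):
        ftag, fval, pos = read_tlv(tbs, pos)
        fields.append((ftag, fval))
    version = 1  # DEFAULT v1 when the [0] version element is absent
    if fields and fields[0][0] == 0xA0:
        version = int.from_bytes(read_tlv(fields[0][1])[1], "big") + 1
    tags = [t for t, _ in fields]
    errors = []
    if 0x81 in tags and version < 2:   # [1] IMPLICIT issuerUniqueID
        errors.append("issuerUniqueID requires v2 or v3")
    if 0x82 in tags and version < 2:   # [2] IMPLICIT subjectUniqueID
        errors.append("subjectUniqueID requires v2 or v3")
    if 0xA3 in tags and version != 3:  # [3] EXPLICIT extensions
        errors.append("extensions require v3")
    return errors

def tlv(tag, value=b""):
    return bytes([tag, len(value)]) + value  # short-form lengths only

def skeleton(version_value, issuer_uid, extensions):
    """Constructed skeleton with empty placeholder fields, not a real cert."""
    body = tlv(0xA0, tlv(0x02, bytes([version_value]))) + tlv(0x02, b"\x07") + tlv(0x30) * 5
    body += tlv(0x81, b"\x00\x01") if issuer_uid else b""
    body += tlv(0xA3, tlv(0x30)) if extensions else b""
    return tlv(0x30, tlv(0x30, body) + tlv(0x30) + tlv(0x03, b"\x00"))
```

Calling `version_field_errors(skeleton(1, True, True))` models the reported shape (encoded version value 1, i.e. v2, with an issuer UID and extensions) and flags the extensions.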