Open
Bug 1338956
Opened 7 years ago
Updated 6 months ago
NSS accepts a version 2 certificate with issuer UID and extensions
Categories
(NSS :: Tools, defect, P3)
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: chenchu, Unassigned)
Details
(Whiteboard: [nss-triage])
Attachments
(1 file)
2.04 KB,
application/x-rar
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 Steps to reproduce: VERSIONS: NSS Version: [3.27] Operating System: [Ubuntu v1604-LTS x64] REPRODUCTION STEPS: 1. Open the terminal of Unbuntu and create a certificate database: certutil -N -d ./ (Note: press Enter to skip inputing password) 2. Add a CA certificate to the new certificate database: certutil -A -i basicCA.pem -n ca -t "CT,C,C" -d ./ (Note: basiceCa.pem is one of attachements) 3. Add a end entity certificate (EEC) to the the new certificate database: certutil -A -i 7.pem -n 7 -t ",," -d ./ (Note: 7.pem is another one of attachements) 4. Verify the EEC: certutil -V -n 7 -d ./ -u S Actual results: certutil: certificate is valid Expected results: As for the certificate "7.pem", it has the field "issuer unique identifier" and extensions. Therefore, its version should be v3 but its version is v2. Hence, it should be rejected.
Summary: NSS accepts a version 2 certificate with subject UID and extensions → NSS accepts a version 2 certificate with issuer UID and extensions
Updated•2 years ago
|
Severity: normal → S3
Updated•6 months ago
|
Priority: -- → P3
Whiteboard: [nss-triage]
You need to log in
before you can comment on or make changes to this bug.
Description
•