Open
Bug 1339322
Opened 8 years ago
Updated 1 year ago
NSS accepts a certificate whose validity is not in the range of its CA certificate's without any warning
Categories
(NSS :: Tools, defect, P3)
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: chenchu, Unassigned)
Details
(Whiteboard: [nss-triage])
Attachments
(1 file)
3.46 KB,
application/zip
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
Steps to reproduce:
REPRODUCTION STEPS:
1. Open the terminal of Ubuntu and create a certificate database:
certutil -N -d ./
(Note: press Enter to skip inputting a password)
2. Add a CA certificate to the new certificate database:
certutil -A -i ca.pem -n ca -t "CT,C,C" -d ./
(Note: ca.pem is in the attachment)
3. Add an end entity certificate (EEC) to the new certificate database:
certutil -A -i 3.pem -n 3 -t ",," -d ./
(Note: 3.pem is in the attachment)
4. Verify the EECs:
certutil -V -n 3 -d ./ -u S
5. Delete the EEC:
certutil -D -n 3 -d ./
6. Add an end entity certificate (EEC) to the new certificate database:
certutil -A -i 4.pem -n 4 -t ",," -d ./
(Note: 4.pem is in the attachment)
7. Verify the EECs:
certutil -V -n 4 -d ./ -u S
Actual results:
certutil: certificate is valid
Expected results:
The attached ZIP file contains ca.pem, 3.pem, and 4.pem.
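The check the report expects, written out as an added example (not NSS code and not part of the original report): it flags a certificate whose validity period leaves its issuer's, and shows that such a chain can still pass a check that every certificate is valid at the verification time. The function names and all dates are constructed for illustration and are not taken from the attached ca.pem, 3.pem or 4.pem.

```python
from datetime import datetime, timezone

def parse_asn1_time(s):
    """Parse an X.509 UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    if not s.endswith("Z") or len(s) not in (13, 15):
        raise ValueError(f"unsupported time encoding: {s!r}")
    if len(s) == 13:
        # RFC 5280: two-digit years 50-99 mean 19YY, 00-49 mean 20YY.
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def nesting_violations(chain):
    """chain: list of (name, notBefore, notAfter), leaf first, each entry
    followed by its issuer. Returns one message per bound that leaves the
    issuer's validity period; an empty list means the chain is nested."""
    problems = []
    for (sub, s_nb, s_na), (iss, i_nb, i_na) in zip(chain, chain[1:]):
        s_nb, s_na, i_nb, i_na = map(parse_asn1_time, (s_nb, s_na, i_nb, i_na))
        if s_nb < i_nb:
            problems.append(f"{sub}: notBefore precedes issuer {iss} notBefore")
        if s_na > i_na:
            problems.append(f"{sub}: notAfter exceeds issuer {iss} notAfter")
    return problems

def all_valid_at(chain, when):
    """Time-of-verification check: every certificate's period contains `when`."""
    return all(parse_asn1_time(nb) <= when <= parse_asn1_time(na)
               for _, nb, na in chain)

# Constructed sample data (hypothetical names and dates).
CA = ("ca", "160101000000Z", "260101000000Z")
LEAF_INSIDE = ("leaf-inside", "170101000000Z", "180101000000Z")
LEAF_OUTLIVES = ("leaf-outlives-ca", "170101000000Z", "20300101000000Z")
NOW = datetime(2017, 2, 14, tzinfo=timezone.utc)

if __name__ == "__main__":
    for leaf in (LEAF_INSIDE, LEAF_OUTLIVES):
        chain = [leaf, CA]
        print(leaf[0], all_valid_at(chain, NOW), nesting_violations(chain))
```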
Updated • 2 years ago
Severity: normal → S3
Updated • 1 year ago
Severity: S3 → S4
Priority: -- → P3
Whiteboard: [nss-triage]