Open Bug 1339392 Opened 9 years ago Updated 3 years ago

Should we reject extensions sent with client certificates?

Tracking

(Not tracked)

Status:

NEW

People

(Reporter: ttaubert, Unassigned)

References

Details

Tim Taubert [:ttaubert] (inactive)

Reporter

Description

•

9 years ago

BoGo test SendExtensionOnClientCertificate-TLS13 expects us to fail due to an unexpected extension. The spec doesn't say anything about that, and client certificate extensions could in theory be defined, but as long as we only have OCSP and SCT extensions make no sense for client certs. Also I'm not sure it's likely we ever see a client cert extension specified.

Tim Taubert [:ttaubert] (inactive)

Reporter

Updated

•

8 years ago

Priority: -- → P3

BMO Automation

Updated

•

3 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Should we reject extensions sent with client certificates?

Categories

(NSS :: Libraries, defect, P3)

Tracking

(Not tracked)

People

(Reporter: ttaubert, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated