538 bytes, patch
|Details | Diff | Splinter Review|
Created attachment 95320 [details] [diff] [review] patch to use quick DER decoder for basic constraints
This was resolved when the large checkin for quickder went in yesterday, as part of fix for bug #160805.
wtc et al, are you OK with making this bug public? Looks like it wasn't really an exploit anyway, but please confirm.
There's no exploit here. NSS rejects certs with pointless (empty) basicConstraints extensions. No crash, no exploit. I see no reason for this to be "security sensitive".
The IP address with the test exploit for IE given was given to us privately and was not supposed to be made public, but I was unware of that when I posted the bug. This is why it was made security sensitive.
Since there is no exploit here, how is this IP address security sensitive?
That IP address isn't one of ours. Somebody outside of Netscape setup a test system to reproduce the IE exploit, but intended only for us to be aware of that address, not the world.
We need to expunge that confidential IP address or else remove this bug from the database; it can't stay security-sensitive.
I would say delete it . I don't know how to do that, though.