Closed Bug 1760708 Opened 3 years ago Closed 3 years ago

OneCRL Status gets set to Not Applicable because Derived Trust Bits gets emptied when cert is Revoked

Categories

(CA Program :: Common CA Database, task, P1)

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: kathleen.a.wilson, Assigned: poonam)

Details

(Whiteboard: [ccadb-bug])

When a Mozilla Root Store manager runs "Verify Revocation", there is a check to see if "Derived Trust Bits" contains "Server Authentication". If it does not, then "OneCRL Status" gets set to "Not Applicable".

The problem is that now when a certificate's "Revocation Status" gets set to "Revoked", the contents of the "Derived Trust Bits" field get moved to "Pre-Revocation Derived Trust Bits", and then the "Derived Trust Bits" field gets set to empty.

I think the fix is just to change the logic in "Verify Revocation" to use the contents of "Pre-Revocation Derived Trust Bits".

Modified the logic for the "Verify Revocation" process to use "Pre-Revocation Derived Trust Bits" in place of "Derived Trust Bits". Also, moved the changes to production.

Thanks!

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Product: NSS → CA Program
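
An added example, not part of the bug thread and not CCADB's own code: a small audit that finds records the pre-fix check would have mislabelled, i.e. revoked certificates whose "OneCRL Status" is "Not Applicable" even though "Server Authentication" was among their trust bits before revocation. Assumptions: records are available as a CSV export whose columns carry the field names used in this bug, the "Certificate Name" column, the ";" separator for multi-value fields and the "Not Revoked" value are hypothetical, and the sample rows are constructed.

```python
import csv
import io

SERVER_AUTH = "Server Authentication"

def trust_bits(value):
    """Split a multi-value field into a set (the ';' separator is an assumption)."""
    return {b.strip() for b in (value or "").split(";") if b.strip()}

def onecrl_applicable_old(record):
    """Pre-fix check: reads the field that is emptied once the cert is revoked."""
    return SERVER_AUTH in trust_bits(record.get("Derived Trust Bits"))

def onecrl_applicable(record):
    """Post-fix check: reads the bits preserved at revocation time."""
    return SERVER_AUTH in trust_bits(record.get("Pre-Revocation Derived Trust Bits"))

def find_misclassified(rows):
    """Names of revoked records marked Not Applicable that had Server Authentication."""
    return [
        r["Certificate Name"]
        for r in rows
        if r.get("Revocation Status") == "Revoked"
        and r.get("OneCRL Status") == "Not Applicable"
        and onecrl_applicable(r)
    ]

def load(text):
    """Parse a CSV export into a list of dict records."""
    return list(csv.DictReader(io.StringIO(text)))

# Constructed sample export (not real CCADB data).
SAMPLE_CSV = """Certificate Name,Revocation Status,Derived Trust Bits,Pre-Revocation Derived Trust Bits,OneCRL Status
Example TLS CA 1,Revoked,,Server Authentication;Secure Email,Not Applicable
Example Email CA 2,Revoked,,Secure Email,Not Applicable
Example TLS CA 3,Not Revoked,Server Authentication,,
"""

if __name__ == "__main__":
    for name in find_misclassified(load(SAMPLE_CSV)):
        print("review OneCRL Status for:", name)
```

The second sample row stays "Not Applicable" under both checks, which is the intended outcome for a certificate that never had the Server Authentication bit.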