Closed Bug 1898166 Opened 5 months ago Closed 4 months ago

Adjust OCSP test keysize-ocsp-delegated.example.com after policy code changes

Categories

(Core :: Security: PSM, defect, P1)

defect

Tracking

()

RESOLVED FIXED
128 Branch
Tracking Status
firefox128 --- fixed

People

(Reporter: KaiE, Assigned: keeler)

References

Details

(Whiteboard: [psm-assigned])

Attachments

(1 file)

With bug 1884444 applied, the test below
(from security/manager/ssl/tests/unit/test_ocsp_stapling.js )
fails for me.

See bug 1884444 comment 19 + 21.

// Check that OCSP responder certificates with key sizes below 1024 bits are
// rejected, even when the main certificate chain keys are at least 1024 bits.
add_ocsp_test(
"keysize-ocsp-delegated.example.com",
SSL_ERROR_UNRECOGNIZED_NAME_ALERT,
true,
true
);

Assignee: jschanck → dkeeler
Status: NEW → ASSIGNED
Severity: -- → S4
Whiteboard: [psm-assigned]
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/da3e9a33beb4 set nss key size policy when generating test OCSP responses r=jschanck
Status: ASSIGNED → RESOLVED
Closed: 4 months ago
Resolution: --- → FIXED
Target Milestone: --- → 128 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: