In some cases, PK11_FindCrlByName returns no CRL with no error, even though there was a serious error down in the PKCS#11 module on the token. The top-level function SEC_FindCrlByKeyOnSlot is not notified appropriately, and thus the certificate verification succeeds. This needs to be fixed so that any major CRL lookup failure results in certificate verification failure. Please see bug 190396 and bug 162983 for more details.
Assigned the bug to Nelson. Target NSS 3.8, priority P2.
Assignee: wtc → nelsonb
Priority: P1 → P2
Target Milestone: 3.7.2 → 3.8
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
This has been fixed as of 3.7.1 .
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.7.1
You need to log in before you can comment on or make changes to this bug.