Closed Bug 190420 Opened 22 years ago Closed 21 years ago

revoked certificates may be considered valid when CRL lookup fails

Tracking

(Not tracked)

Status:

RESOLVED FIXED

Milestone:

3.7.1

People

(Reporter: julien.pierre, Assigned: nelson)

Details

Julien Pierre

Reporter

Description

•

22 years ago

In some cases, PK11_FindCrlByName returns no CRL with no error, even though
there was a serious error down in the PKCS#11 module on the token. The top-level
function SEC_FindCrlByKeyOnSlot is not notified appropriately, and thus the
certificate verification succeeds.

This needs to be fixed so that any major CRL lookup failure results in
certificate verification failure.

Please see bug 190396 and bug 162983 for more details.

Julien Pierre

Reporter

Updated

•

22 years ago

Priority: -- → P1

Target Milestone: --- → 3.7.2

Wan-Teh Chang

Comment 1

•

21 years ago

Assigned the bug to Nelson.  Target NSS 3.8, priority P2.

Assignee: wtc → nelsonb

Priority: P1 → P2

Target Milestone: 3.7.2 → 3.8

Nelson Bolyard (seldom reads bugmail)

Assignee

Comment 2

•

21 years ago

Remove target milestone of 3.8, since these bugs didn't get into that release.

Target Milestone: 3.8 → ---

Julien Pierre

Reporter

Comment 3

•

21 years ago

This has been fixed as of 3.7.1 .

Status: NEW → RESOLVED

Closed: 21 years ago

Resolution: --- → FIXED

Target Milestone: --- → 3.7.1

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

revoked certificates may be considered valid when CRL lookup fails

Categories

(NSS :: Libraries, defect, P2)

Tracking

(Not tracked)

People

(Reporter: julien.pierre, Assigned: nelson)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Comment 2

Comment 3