revoked certificates may be considered valid when CRL lookup fails

RESOLVED FIXED in 3.7.1

Status

P2
normal
RESOLVED FIXED
16 years ago
16 years ago

People

(Reporter: julien.pierre, Assigned: nelson)

Tracking

3.7.1
3.7.1

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
In some cases, PK11_FindCrlByName returns no CRL with no error, even though
there was a serious error down in the PKCS#11 module on the token. The top-level
function SEC_FindCrlByKeyOnSlot is not notified appropriately, and thus the
certificate verification succeeds.

This needs to be fixed so that any major CRL lookup failure results in
certificate verification failure.

Please see bug 190396 and bug 162983 for more details.
(Reporter)

Updated

16 years ago
Priority: -- → P1
Target Milestone: --- → 3.7.2

Comment 1

16 years ago
Assigned the bug to Nelson.  Target NSS 3.8, priority P2.
Assignee: wtc → nelsonb
Priority: P1 → P2
Target Milestone: 3.7.2 → 3.8
(Assignee)

Comment 2

16 years ago
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
(Reporter)

Comment 3

16 years ago
This has been fixed as of 3.7.1 .

Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.7.1
You need to log in before you can comment on or make changes to this bug.