Closed
Bug 2021048
Opened 3 months ago
Closed 2 months ago
QWACs: processing of certificate policies extension doesn't account for non-empty policyQualifiers
Categories
(Core :: Security: PSM, defect, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
150 Branch
| Tracking | Status | |
|---|---|---|
| firefox150 | --- | fixed |
People
(Reporter: keeler, Assigned: keeler)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-assigned])
Attachments
(2 files)
The QWACs implementation doesn't take into account that a PolicyInformation can have a non-empty policyQualifiers.
|
Assignee | |
Updated•3 months ago
|
Whiteboard: [psm-assigned]
|
|
Assignee | |
Comment 1•3 months ago
|
||
For certificates, RFCs 5280 and 8017 are the relevant ones we should be using.
|
|
Assignee | |
Comment 2•3 months ago
|
||
When looking for required policies, we may encounter unknown policies. We
should ignore those entirely, which means ignoring any policyQualifiers that
might be present. For known policies, the QWAC specifications don't mention
policyQualifiers one way or another, so for maximum compatibility, we ignore
them.
Pushed by dkeeler@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/c098d314dd2f
https://hg.mozilla.org/integration/autoland/rev/d6faa7c1b9f4
pycert: move from rfc2459 to rfc5280 and rfc8017 r=jschanck
|
||
Comment 4•2 months ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 2 months ago
status-firefox150:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 150 Branch
Pushed by dkeeler@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/929665c263f5
https://hg.mozilla.org/integration/autoland/rev/081337f2c680
QWACs: ignore policyQualifiers r=jschanck
|
||
Comment 6•2 months ago
|
||
| bugherder | ||
|
||
Updated•2 months ago
|
QA Whiteboard: [qa-triage-done-c151/b150]
You need to log in
before you can comment on or make changes to this bug.
Description
•