Closed Bug 288227 Opened 19 years ago Closed 19 years ago

nss3.10 certutil sees 3.9.x root certs as government issued

Categories

(NSS :: Tools, defect, P1)

3.10
x86
Solaris

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: neil.williams, Assigned: neil.williams)

Details

Attachments

(1 file)

NSS beta 3.10 certutil lists root certs from 3.9.x libnssckbi.so as having the
"G" trust attribute. All the root certs except those with no trust attributes
have the G attribute. Libnssckbi.so from 3.10 beta has only a handful of certs
marked this way. Presumably this is correct.
Making this P1 at Nelson's suggestion.
Priority: -- → P1
Another data point. Modifying the trust bits of a 3.9.x root cert does not
affect the G flag. Thus

nss3.10/certutil -M -t ",,p" -d . -n "Builtin Object Token:Certum Root CA"
nss3.10/certutil -L -h all -d .
Certum Root CA                                               G,,p
Builtin Object Token:Certum Root CA                          G,,p
...
I'll take this. Does anyone have any hints about where this might be happening?
Assignee: wtchang → neil.williams
The function affected by this patch gets trust attributes for certs. A template
is built with pointers to attribute variables to be filled in by
nssToken_GetCachedObjectAttributes(). All of the attributes are initialized
except those for stepUp and isToken. If the cached object does not have the
corresponding attribute the returned values are left unaffected (and
uninitialized). This patch initializes stepUp and isToken to FALSE.
Attachment #179346 - Flags: review?(nelson)
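The failure mode described in the comment above, as an added example that is not NSS code and not the attached patch: a template-driven lookup writes an output variable only when the cached object carries that attribute, so any output without a default keeps whatever was in memory. All type and function names are hypothetical, the cached object is constructed sample data, and the leftover stack contents are simulated with a `stale` byte because reading a truly uninitialized local is undefined behaviour.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for illustration; not NSS's real definitions. */
enum attr_type { ATTR_SERVER_AUTH, ATTR_STEP_UP, ATTR_IS_TOKEN };
struct attr { enum attr_type type; unsigned char value; };
struct tmpl_entry { enum attr_type type; unsigned char *out; };
struct trust { unsigned char server_auth, step_up, is_token; };

/* Constructed sample: a cached object with no stepUp or isToken attribute. */
const struct attr OLD_OBJ[] = { { ATTR_SERVER_AUTH, 1 } };

/* Like the lookup described above: an output variable is written only when
 * the cached object has that attribute; otherwise it is left untouched. */
static void fill_from_cache(const struct attr *cached, size_t ncached,
                            struct tmpl_entry *tmpl, size_t ntmpl)
{
    for (size_t i = 0; i < ntmpl; i++)
        for (size_t j = 0; j < ncached; j++)
            if (cached[j].type == tmpl[i].type)
                *tmpl[i].out = cached[j].value;
}

/* stale: byte standing in for leftover stack contents (simulated).
 * fixed: nonzero defaults step_up and is_token to FALSE before the lookup. */
struct trust get_trust(const struct attr *cached, size_t ncached,
                       unsigned char stale, int fixed)
{
    struct trust t;
    memset(&t, stale, sizeof t);
    t.server_auth = 0;            /* was already initialized before the fix */
    if (fixed)
        t.step_up = t.is_token = 0;
    struct tmpl_entry tmpl[] = {
        { ATTR_SERVER_AUTH, &t.server_auth },
        { ATTR_STEP_UP, &t.step_up },
        { ATTR_IS_TOKEN, &t.is_token },
    };
    fill_from_cache(cached, ncached, tmpl, sizeof tmpl / sizeof tmpl[0]);
    return t;
}

int main(void)
{
    printf("before: step_up=%d  after: step_up=%d\n",
           get_trust(OLD_OBJ, 1, 0xAA, 0).step_up, get_trust(OLD_OBJ, 1, 0xAA, 1).step_up);
    return 0;
}
```

With the defaults in place the result no longer depends on what the stack held, which matches the report that the symptom appeared for certs from the older module regardless of their stored trust bits.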
Comment on attachment 179346 [details] [diff] [review]
This patch initializes the stepflag to FALSE which fixes the problem on x86

good find! r=nelson
Attachment #179346 - Flags: review?(nelson) → review+
Target Milestone: --- → 3.10
Checking in nss/lib/dev/ckhelper.c;
/cvsroot/mozilla/security/nss/lib/dev/ckhelper.c,v  <--  ckhelper.c
new revision: 1.34; previous revision: 1.33
done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED