Closed
Bug 288227
Opened 19 years ago
Closed 19 years ago
nss3.10 certutil sees 3.9.x root certs as government issued
Categories
(NSS :: Tools, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: neil.williams, Assigned: neil.williams)
Details
Attachments
(1 file)
755 bytes, patch (nelson: review+)
NSS beta 3.10 certutil lists root certs from 3.9.x libnssckbi.so as having the "G" trust attribute. All the root certs except those with no trust attributes have the G attribute. Libnssckbi.so from 3.10 beta has only a handful of certs marked this way. Presumably this is correct.
Comment 2 • 19 years ago (Assignee)
Another data point. Modifying the trust bits of a 3.9.x root cert does not affect the G flag. Thus

    nss3.10/certutil -M -t ",,p" -d . -n "Builtin Object Token:Certum Root CA"
    nss3.10/certutil -L -h all -d .
    Certum Root CA                               G,,p
    Builtin Object Token:Certum Root CA          G,,p
    ...
Comment 3 • 19 years ago (Assignee)
I'll take this. Does anyone have any hints about where this might be happening?
Assignee: wtchang → neil.williams
Comment 4 • 19 years ago (Assignee)
The function affected by this patch gets trust attributes for certs. A template is built with pointers to attribute variables to be filled in by nssToken_GetCachedObjectAttributes(). All of the attributes are initialized except those for stepUp and isToken. If the cached object does not have the corresponding attribute, the returned values are left unaffected (and uninitialized). This patch initializes stepUp and isToken to FALSE.
Attachment #179346 -
Flags: review?(nelson)
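The failure mode described in comment 4, as an added example that is not part of the original bug report and is not NSS code: a getter that fills only the template slots whose attribute exists in the cached object, called once with a stale local and once with the local preset to FALSE. All type and function names are hypothetical, and the stale byte is passed in as a constructed value so the result is deterministic.

```c
#include <stddef.h>

/* Hypothetical, simplified stand-ins for illustration; not the NSS types or API. */
typedef unsigned char bbool;                               /* one-byte boolean */
enum attr_type { ATTR_SERVER_TRUST, ATTR_STEP_UP, ATTR_IS_TOKEN };

struct cached_attr { enum attr_type type; bbool value; };  /* what the object has */
struct tmpl_slot   { enum attr_type type; bbool *dest; };  /* where the caller wants it */

/* Fills each slot whose attribute exists in the cache. A slot whose
 * attribute is absent is left untouched, as comment 4 describes. */
static void get_cached_attributes(const struct cached_attr *cache, size_t ncache,
                                  struct tmpl_slot *tmpl, size_t ntmpl)
{
    for (size_t i = 0; i < ntmpl; i++)
        for (size_t j = 0; j < ncache; j++)
            if (cache[j].type == tmpl[i].type)
                *tmpl[i].dest = cache[j].value;
}

/* Returns the step-up flag the caller ends up with. 'stale' models the
 * leftover stack byte an uninitialized local would hold (constructed value). */
static bbool read_step_up(const struct cached_attr *cache, size_t ncache,
                          int initialize_first, bbool stale)
{
    bbool step_up = stale;        /* buggy caller: whatever was there before */
    if (initialize_first)
        step_up = 0;              /* fixed caller: default to FALSE */

    struct tmpl_slot tmpl[] = { { ATTR_STEP_UP, &step_up } };
    get_cached_attributes(cache, ncache, tmpl, 1);
    return step_up;
}

/* Constructed sample objects: one without the step-up attribute (assumed
 * here to model the older root certs), and one that stores it explicitly. */
static const struct cached_attr old_obj[] = { { ATTR_SERVER_TRUST, 1 } };
static const struct cached_attr new_obj[] = { { ATTR_SERVER_TRUST, 1 }, { ATTR_STEP_UP, 0 } };

int main(void)
{
    /* A nonzero exit status means the expectations below do not hold. */
    return !(read_step_up(old_obj, 1, 0, 0xA5) == 0xA5 &&  /* stale byte leaks through */
             read_step_up(old_obj, 1, 1, 0xA5) == 0 &&     /* preset default survives */
             read_step_up(new_obj, 2, 0, 0xA5) == 0);      /* stored value overwrites */
}
```

Only the object lacking the attribute exposes the bug, which is why objects that store it explicitly behave the same with or without the initialization.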
Comment 5 • 19 years ago
Comment on attachment 179346
This patch initializes the stepflag to FALSE which fixes the problem on x86

good find! r=nelson
Attachment #179346 -
Flags: review?(nelson) → review+
Updated • 19 years ago
Target Milestone: --- → 3.10
Comment 6 • 19 years ago (Assignee)
    Checking in nss/lib/dev/ckhelper.c;
    /cvsroot/mozilla/security/nss/lib/dev/ckhelper.c,v  <--  ckhelper.c
    new revision: 1.34; previous revision: 1.33
    done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED