Closed
Bug 390530
Opened 18 years ago
Closed 17 years ago
libpkix does not support time override
Categories
(NSS :: Libraries, enhancement, P1)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.12
People
(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)
Details
(Whiteboard: PKIX NSS312B2)
Attachments
(1 file)
|
1.38 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
old nss code support validity time override for certs that have been validating for certificateUsageSSLServer and certificateUsageSSLServerWithStepUp usages
libpkix does not support this feature.
|
Assignee | |
Updated•18 years ago
|
Priority: -- → P2
Whiteboard: PKIX
|
||
Comment 1•18 years ago
|
||
IIRC, there is a bit defined in the CERTCertificate that means "the invalid
date for this cert is overridden". It should be easy to test for that,
at least in the PKIX_PL_ layer.
|
|
||
Comment 2•18 years ago
|
||
P1, we cannot release the CERT_VerifyCert* "wrappers" until this is fixed.
Priority: P2 → P1
|
|
||
Updated•18 years ago
|
Version: 3.12 → trunk
|
|
Assignee | |
Comment 3•18 years ago
|
||
The following code should be added into pkix_pl_cert.c:PKIX_PL_Cert_CheckValidity before checking for cert time validity.
allowOverride = (PRBool)((requiredUsages & certificateUsageSSLServer) ||
(requiredUsages & certificateUsageSSLServerWithStepUp));
val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride);
|
|
||
Updated•18 years ago
|
Whiteboard: PKIX → PKIX NSS312B2
|
|
Assignee | |
Comment 4•17 years ago
|
||
Allow time override for certificateUsageSSLServer and certificateUsageSSLServerWithStepUp usages
Attachment #312740 -
Flags: review?(nelson)
|
|
||
Comment 5•17 years ago
|
||
Comment on attachment 312740 [details] [diff] [review]
Patch v1
So simple!
r=nelson
Attachment #312740 -
Flags: review?(nelson) → review+
|
|
Assignee | |
Comment 6•17 years ago
|
||
Integrated.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•