Note: There are a few cases of duplicates in user autocompletion which are being worked on.

libpkix does not support time override

RESOLVED FIXED in 3.12

Status

NSS
Libraries
P1
enhancement
RESOLVED FIXED
10 years ago
6 years ago

People

(Reporter: Alexei Volkov, Assigned: Alexei Volkov)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIX NSS312B2)

Attachments

(1 attachment)

1.38 KB, patch
Nelson Bolyard (seldom reads bugmail)
: review+
Details | Diff | Splinter Review
(Assignee)

Description

10 years ago
old nss code support validity time override for certs that have been validating for certificateUsageSSLServer and certificateUsageSSLServerWithStepUp usages

libpkix does not support this feature.
(Assignee)

Updated

10 years ago
Priority: -- → P2
Whiteboard: PKIX
IIRC, there is a bit defined in the CERTCertificate that means "the invalid
date for this cert is overridden".  It should be easy to test for that,
at least in the PKIX_PL_ layer.
(Assignee)

Updated

10 years ago
Blocks: 390888
P1, we cannot release the CERT_VerifyCert* "wrappers" until this is fixed.
Priority: P2 → P1
Version: 3.12 → trunk
(Assignee)

Comment 3

10 years ago
The following code should be added into pkix_pl_cert.c:PKIX_PL_Cert_CheckValidity before checking for cert time validity.

allowOverride = (PRBool)((requiredUsages & certificateUsageSSLServer) ||
                        (requiredUsages & certificateUsageSSLServerWithStepUp));
val = CERT_CheckCertValidTimes(cert->nssCert, timeToCheck, allowOverride);
(Assignee)

Updated

10 years ago
No longer blocks: 390888
Whiteboard: PKIX → PKIX NSS312B2
(Assignee)

Comment 4

9 years ago
Created attachment 312740 [details] [diff] [review]
Patch v1

Allow time override for certificateUsageSSLServer and certificateUsageSSLServerWithStepUp usages
Attachment #312740 - Flags: review?(nelson)
Comment on attachment 312740 [details] [diff] [review]
Patch v1

So simple!  
r=nelson
Attachment #312740 - Flags: review?(nelson) → review+
(Assignee)

Comment 6

9 years ago
Integrated.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.