The default bug view has changed. See this FAQ.

libpkix does not return a set of valid key usages

NEW
Assigned to

Status

NSS
Libraries
P1
enhancement
10 years ago
9 years ago

People

(Reporter: Alexei Volkov, Assigned: Alexei Volkov)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIX)

(Assignee)

Description

10 years ago
One of the arguments of CERT_VerifyCertificate function is an address of CERTCertificateUsage that is a bit field data type that contains all possible certificate usages. CERT_VerifyCertificate suppose to return all valid cert usages if this address is not equal to NULL.

Libpkix does not support this feature.
(Assignee)

Updated

10 years ago
Priority: -- → P1
Whiteboard: PKIX
(Assignee)

Updated

10 years ago
Blocks: 390888
Note that CERT_VerifyCert does not have the feature either.
CERT_VerifyCertificate accomplishes this essentially by performing
CERT_VerifyCert in a loop, performing it in its entirety once for 
each of the requested usages.  
While that is not the most efficient way to accomplish this task,
the "wrapper" version of CERT_VerifyCertificate could do the same
as the older version, calling the wrapper version of CERT_VerifyCert
in a loop, once for each requested usage, and the result would be 
equivalent to what CERT_VerifyCertificate does now (in 3.11)
Since this is a wrapper issue, assigning to Alexei
Assignee: nobody → alexei.volkov.bugs
Version: 3.12 → trunk
(Assignee)

Comment 3

10 years ago
Patch for 390888 will have fix for this bug. Leave this bug open for now.
(Assignee)

Updated

10 years ago
No longer blocks: 390888

Updated

10 years ago
Depends on: 294531
(Assignee)

Updated

9 years ago
Target Milestone: 3.12 → 3.12.1
(Assignee)

Comment 4

9 years ago
Re-targeting for later release, as this functionality is needed for CERT_PKIX_VerifyCert API only.
Target Milestone: 3.12.1 → 3.12.2
You need to log in before you can comment on or make changes to this bug.