Last Comment Bug 390532 - libpkix does not return a set of valid key usages
: libpkix does not return a set of valid key usages
Status: NEW
PKIX
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: trunk
: All All
: P1 enhancement (vote)
: 3.12.2
Assigned To: Alexei Volkov
:
Mentors:
Depends on: 294531
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-01 14:33 PDT by Alexei Volkov
Modified: 2008-06-30 16:16 PDT (History)
2 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments

Description Alexei Volkov 2007-08-01 14:33:22 PDT
One of the arguments of CERT_VerifyCertificate function is an address of CERTCertificateUsage that is a bit field data type that contains all possible certificate usages. CERT_VerifyCertificate suppose to return all valid cert usages if this address is not equal to NULL.

Libpkix does not support this feature.
Comment 1 Nelson Bolyard (seldom reads bugmail) 2007-08-08 13:30:04 PDT
Note that CERT_VerifyCert does not have the feature either.
CERT_VerifyCertificate accomplishes this essentially by performing
CERT_VerifyCert in a loop, performing it in its entirety once for 
each of the requested usages.  
While that is not the most efficient way to accomplish this task,
the "wrapper" version of CERT_VerifyCertificate could do the same
as the older version, calling the wrapper version of CERT_VerifyCert
in a loop, once for each requested usage, and the result would be 
equivalent to what CERT_VerifyCertificate does now (in 3.11)
Comment 2 Nelson Bolyard (seldom reads bugmail) 2007-08-08 13:32:14 PDT
Since this is a wrapper issue, assigning to Alexei
Comment 3 Alexei Volkov 2007-08-22 16:55:26 PDT
Patch for 390888 will have fix for this bug. Leave this bug open for now.
Comment 4 Alexei Volkov 2008-06-30 16:16:17 PDT
Re-targeting for later release, as this functionality is needed for CERT_PKIX_VerifyCert API only.

Note You need to log in before you can comment on or make changes to this bug.