Closed Bug 391560 Opened 18 years ago Closed 17 years ago

libpkix does not consistently return a PKIX_ValidateNode tree that truly represents failure reasons

Categories

(NSS :: Libraries, enhancement, P1)

Tracking

(Not tracked)

RESOLVED FIXED
3.12.2

People

(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)

References

Details

(Whiteboard: PKIX SUN_MUST_HAVE)

libpkix uses the PKIX_ValidateNode tree to indicate cert problems found during the cert selection process. Some paths of chain building/validation do not update the final PKIX_ValidateNode tree with cert selection failure reasons.
Depends on: 390888
Priority: -- → P1
Whiteboard: PKIX
Alexei, "some paths"? What paths? Please provide enough information that another developer can know what code to start examining.
Does bug 390888 need to be fixed before this bug is fixed? That is, does bug 390888 block this bug? Or does this bug need to be fixed first? Does this bug block 390888?
An example is a path which chains to a root which violates the basic constraints path length. In this case, pkix_CertSelector_DefaultMatch() will fail, and pkix_Build_GatherCerts() will return an empty list, because no cert matches the requirements. There is no ValidateNode created in this case.
Blocks: 390888
No longer depends on: 390888
Assignee: nobody → alexei.volkov.bugs
Version: 3.12 → trunk
Blocks: 391183
No longer blocks: 390888
Target Milestone: 3.12 → 3.12.1
This may be fixed. We need a test case.
Blocks: 430405
Target Milestone: 3.12.1 → 3.12.2
Whiteboard: PKIX → PKIX SUN_MUST_HAVE
This bug is fixed. Closing.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED