The default bug view has changed. See this FAQ.

libpkix does not consistently return PKIX_ValidateNode tree that truly represent failure reasons

RESOLVED FIXED in 3.12.2

Status

NSS
Libraries
P1
enhancement
RESOLVED FIXED
10 years ago
9 years ago

People

(Reporter: Alexei Volkov, Assigned: Alexei Volkov)

Tracking

Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIX SUN_MUST_HAVE)

(Assignee)

Description

10 years ago
libpkix uses PKIX_ValidateNode tree to indicate cert problems found during cert selection process. Some paths of chain building/validation does not update final PKIX_ValidateNode tree with cert selection failure reasons.
(Assignee)

Updated

10 years ago
Depends on: 390888
Priority: -- → P1
(Assignee)

Updated

10 years ago
Whiteboard: PKIX
Alexei, 
"some paths" ?  What paths?  
Please provide enough information that another developer can know what 
code to start examining.
Does bug 390888 need to be fixed before this bug is fixed? 
That is, does bug 390888 block this bug?

Or does this bug need to be fixed first?  
Does this bug block 390888?

Comment 3

10 years ago
An example is of a path which chains to a root which violates the
basic constraints path length.

In this case, pkix_CertSelector_DefaultMatch() will fail, and pkix_Build_GatherCerts() will return an empty list, because
no cert matches the requirements. There is no ValidateNode
created in this case.

(Assignee)

Updated

10 years ago
Blocks: 390888
No longer depends on: 390888
Assignee: nobody → alexei.volkov.bugs
Version: 3.12 → trunk
(Assignee)

Updated

10 years ago
Blocks: 391183
No longer blocks: 390888
(Assignee)

Updated

9 years ago
Target Milestone: 3.12 → 3.12.1
This may be fixed.
We need a test case.
(Assignee)

Updated

9 years ago
Blocks: 430405
(Assignee)

Updated

9 years ago
Target Milestone: 3.12.1 → 3.12.2
(Assignee)

Updated

9 years ago
Whiteboard: PKIX → PKIX SUN_MUST_HAVE
(Assignee)

Comment 5

9 years ago
This bug is fixed. Closing.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.