Closed Bug 403844 Opened 17 years ago Closed 16 years ago

Verify pkix_OcspChecker_Check works with configured responders

Tracking

(Not tracked)

Status:

RESOLVED DUPLICATE of bug 408847

Milestone:

3.12

People

(Reporter: KaiE, Unassigned)

Details

(Whiteboard: PKIX)

Kai Engert (:KaiE:)

Reporter

Description

•

17 years ago

When using OCSP, two different strategies can be used:
(a) use the responder specified in a cert
(b) use a specific responder defined by the application

Function pkix_OcspChecker_Check seems to offer strategy (b), because it allows to pass in a checker object, which contains a responder parameter.

Reading the implementation of pkix_OcspChecker_Check and pkix_pl_OcspRequest_Create I'm worried that (b) is not implemented correctly.

If a cert does not list a responder, then pkix_pl_OcspRequest_Create will report "uri not found".
Back in pkix_OcspChecker_Check, this condition results in "test passed, done" action, without checking for a configured responder in the given checker object.

Nelson Bolyard (seldom reads bugmail)

Updated

•

17 years ago

Whiteboard: PKIX

Target Milestone: --- → 3.12

Alexei Volkov

Updated

•

16 years ago

Priority: -- → P2

Nelson Bolyard (seldom reads bugmail)

Updated

•

16 years ago

Status: NEW → RESOLVED

Closed: 16 years ago

Resolution: --- → DUPLICATE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Verify pkix_OcspChecker_Check works with configured responders

Categories

(NSS :: Libraries, defect, P2)

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

References

Details

(Whiteboard: PKIX)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated