Cert Viewer doesn't recognize "Private Key Usage Period" extension

RESOLVED WONTFIX

Status

()

--
enhancement
RESOLVED WONTFIX
11 years ago
3 years ago

People

(Reporter: nelson, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [psm-cert-manager])

Some time ago, for bug 259031, PSM's cert displaying code was enhanced to 
recognize, and print the names of, a wide variety of cert extensions, 
including certs that are:
a) recognized but unsupported by NSS, and 
b) unrecognized by NSS
PSM will print the names of those extensions in the list of cert extensions, 
even if it does not understand their contents.  

But I noticed today that PSM's cert displayer does not recognize and print
the name for extensions with OID 2.5.29.16, the "Private Key Usage Period",
even though NSS *does* recognize this OID as a known but unsupported 
extension type, and NSS does supply a name string for it.  
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/util/secoid.c&rev=1.40#814

An example of this PSM behavior may be seen by visiting the URL 
https://secure.comodo.net/ and examining the extensions in the intermediate
CA certificate in the cert chain.
cc'ing Kaspar, our expert for displaying cert extensions in PSM :-)

Comment 2

11 years ago
(In reply to comment #0)
> But I noticed today that PSM's cert displayer does not recognize and print
> the name for extensions with OID 2.5.29.16, the "Private Key Usage Period",
> even though NSS *does* recognize this OID as a known but unsupported 
> extension type, and NSS does supply a name string for it.

Nelson, PSM doesn't use the descriptions from NSS OID table, currently - it has its own list in GetOIDText(), which is currently lacking SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:

http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSCertHelper.cpp#249

In theory, we could try to fall back to the NSS description in English (as available through SECOID_FindOIDTagDescription), but I'm not sure if that's the right thing to do (mainly for l10n reasons). Any opinions on this?

In any case, I would consider this an enhancement request rather than a bug.
OS: Windows XP → All
Hardware: PC → All
Summary: Cert Manager doesn't recognize "Private Key Usage Period" extension → Cert Viewer doesn't recognize "Private Key Usage Period" extension
Severity: minor → enhancement
Assignee: kaie → nobody
Whiteboard: [psm-cert-manager]
RFC 5280 says use of this extension is not recommended. I don't think we need to support it in the certificate viewer.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.