Some time ago, for bug 259031, PSM's cert displaying code was enhanced to recognize, and print the names of, a wide variety of cert extensions, including certs that are:

a) recognized but unsupported by NSS, and
b) unrecognized by NSS

PSM will print the names of those extensions in the list of cert extensions, even if it does not understand their contents.

But I noticed today that PSM's cert displayer does not recognize and print the name for extensions with OID 2.5.29.16, the "Private Key Usage Period", even though NSS *does* recognize this OID as a known but unsupported extension type, and NSS does supply a name string for it.

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/util/secoid.c&rev=1.40#814

An example of this PSM behavior may be seen by visiting the URL https://secure.comodo.net/ and examining the extensions in the intermediate CA certificate in the cert chain.

cc'ing Kaspar, our expert for displaying cert extensions in PSM :-)

(In reply to comment #0)
> But I noticed today that PSM's cert displayer does not recognize and print
> the name for extensions with OID 2.5.29.16, the "Private Key Usage Period",
> even though NSS *does* recognize this OID as a known but unsupported
> extension type, and NSS does supply a name string for it.

Nelson, PSM doesn't use the descriptions from NSS OID table, currently - it has its own list in GetOIDText(), which is currently lacking SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD:

http://lxr.mozilla.org/mozilla/source/security/manager/ssl/src/nsNSSCertHelper.cpp#249

In theory, we could try to fall back to the NSS description in English (as available through SECOID_FindOIDTagDescription), but I'm not sure if that's the right thing to do (mainly for l10n reasons). Any opinions on this?

In any case, I would consider this an enhancement request rather than a bug.

OS: Windows XP → All
Hardware: PC → All
Summary: Cert Manager doesn't recognize "Private Key Usage Period" extension → Cert Viewer doesn't recognize "Private Key Usage Period" extension
Assignee: kaie → nobody
RFC 5280 says use of this extension is not recommended. I don't think we need to support it in the certificate viewer.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → WONTFIX