Closed
Bug 414556
Opened 17 years ago
Closed 5 months ago
Chain validated also with missing intermediate CRL (PKITS test 4.4.1)
Categories
(NSS :: Libraries, defect, P5)
Tracking
(Not tracked)
RESOLVED
INACTIVE
People
(Reporter: slavomir.katuscak+mozilla, Unassigned)
References
Details
PKITS test 4.4.1 (Missing CRL) fails for NSS. Certification path: root certificate + CRL, intermediate certificate (without CRL) and end certificate. End certificate is validated although intermediate CRL is missing.
|
||
Comment 1•17 years ago
|
||
For the current ("old") NSS Cert library, this behavior is working as intended.
So, this is not really a bug in NSS 3.11.x, but ...
The new function CERT_PKIXVerifyCert, in NSS 3.12, is defined to allow the
caller to require conformance with NIST's revocation policy. I don't know
if that's implemented yet, but when it is, we should check that this test
passes when CERT_PKIXVerifyCert is called with NIST revocation policy specified. 
|
||
Comment 2•16 years ago
|
||
This cannot be resolved until vfychain supports using CERT_PKIXVerifyCert with the NIST CRL policy. See bug 412468 .
|
|
||
Comment 3•15 years ago
|
||
Unsetting target milestone in unresolved bugs whose targets have passed.
Target Milestone: 3.12 → ---
|
||
Comment 4•14 years ago
|
||
Bugs that are currently assigned to Julien => assigning to nobody. Search for 20100628-kaie-jp
Assignee: bugzilla+nospam → nobody
|
||
Updated•2 years ago
|
Severity: normal → S3
|
||
Updated•5 months ago
|
Severity: S3 → S4
Status: NEW → RESOLVED
Closed: 5 months ago
Priority: -- → P5
Resolution: --- → INACTIVE
You need to log in
before you can comment on or make changes to this bug.
Description
•