Chain validated also with missing intermediate CRL (PKITS test 4.4.1)

Status: NEW, Unassigned
Product: NSS
Component: Libraries
Opened 10 years ago, updated 8 years ago
Reporter: Slavomir Katuscak
Depends on: 1 bug
Description

10 years ago
PKITS test 4.4.1 (Missing CRL) fails for NSS.

Certification path: root certificate + CRL, intermediate certificate (without CRL) and end certificate. End certificate is validated although intermediate CRL is missing.
For the current ("old") NSS Cert library, this behavior is working as intended.
So, this is not really a bug in NSS 3.11.x, but ...

The new function CERT_PKIXVerifyCert, in NSS 3.12, is defined to allow the caller to require conformance with NIST's revocation policy. I don't know if that's implemented yet, but when it is, we should check that this test passes when CERT_PKIXVerifyCert is called with NIST revocation policy specified.
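The difference between the two behaviours discussed above, as an added Python model that is not NSS code and does not call any NSS API: a lenient policy accepts a path whose intermediate CA published no CRL, while a policy that requires revocation information rejects it. The certificate names, serial numbers and the `require_crl` flag are constructed for this example; signature and validity-period checks are left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int


@dataclass(frozen=True)
class CRL:
    issuer: str
    revoked: frozenset  # serial numbers listed as revoked


def check_revocation(path, crls, require_crl):
    """Walk a path ordered trust anchor -> end entity.

    Returns (accepted, reason). With require_crl=False a certificate whose
    issuer published no CRL is treated as good; with require_crl=True the
    unknown status fails the path.
    """
    by_issuer = {crl.issuer: crl for crl in crls}
    for cert in path[1:]:  # the trust anchor itself is not checked
        crl = by_issuer.get(cert.issuer)
        if crl is None:
            if require_crl:
                return False, f"no CRL from '{cert.issuer}' covering '{cert.subject}'"
            continue  # lenient policy: status unknown, carry on
        if cert.serial in crl.revoked:
            return False, f"'{cert.subject}' is revoked"
    return True, "no revocation found"


# Constructed path shaped like the description: the root publishes a CRL,
# the intermediate CA does not.
ROOT = Cert("Root CA", "Root CA", 1)
INTERMEDIATE = Cert("Intermediate CA", "Root CA", 2)
END_ENTITY = Cert("End Entity", "Intermediate CA", 3)
PATH = [ROOT, INTERMEDIATE, END_ENTITY]
ROOT_CRL = CRL("Root CA", frozenset())

if __name__ == "__main__":
    for strict in (False, True):
        print("require_crl =", strict, "->", check_revocation(PATH, [ROOT_CRL], strict))
```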

Updated

10 years ago
Depends on: 412468

Comment 2

10 years ago
This cannot be resolved until vfychain supports using CERT_PKIXVerifyCert with the NIST CRL policy. See bug 412468.
Unsetting target milestone in unresolved bugs whose targets have passed.
Target Milestone: 3.12 → ---

Comment 4

8 years ago
Bugs that are currently assigned to Julien => assigning to nobody.
Search for 20100628-kaie-jp
Assignee: bugzilla+nospam → nobody