PKITS test 4.4.1 (Missing CRL) fails for NSS. Certification path: root certificate + CRL, intermediate certificate (without CRL) and end certificate. End certificate is validated although intermediate CRL is missing.
For the current ("old") NSS Cert library, this behavior is working as intended. So, this is not really a bug in NSS 3.11.x, but ... The new function CERT_PKIXVerifyCert, in NSS 3.12, is defined to allow the caller to require conformance with NIST's revocation policy. I don't know if that's implemented yet, but when it is, we should check that this test passes when CERT_PKIXVerifyCert is called with NIST revocation policy specified.
This cannot be resolved until vfychain supports using CERT_PKIXVerifyCert with the NIST CRL policy. See bug 412468 .
Unsetting target milestone in unresolved bugs whose targets have passed.
Target Milestone: 3.12 → ---
Bugs that are currently assigned to Julien => assigning to nobody. Search for 20100628-kaie-jp
Assignee: bugzilla+nospam → nobody
You need to log in before you can comment on or make changes to this bug.