Closed Bug 527508 Opened 15 years ago Closed 13 years ago

libpkix: need to check crl issuer key usages before downloading a crl using CRLDP

Categories

(NSS :: Libraries, defect)

3.12
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
3.12.10

People

(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)

Details

(Whiteboard: PKIX)

Attachments

(1 file)

Current code in pkix_crlchecker.c does not verify key usage on the issuer cert at all. The verification is done only inside of a crlcache after an attempt to import a crl.
Attachment #411236 - Flags: review?(nelson)
Whiteboard: PKIX
Target Milestone: 3.12.1 → 3.12.6
Did all.sh pass with this patch in place?
Status: UNCONFIRMED → NEW
Ever confirmed: true
all.sh passed.
Attachment #411236 - Flags: review?(nelson) → review+
Comment on attachment 411236 [details] [diff] [review]
check key usage of the crl issuer cert

r=nelson for 3.12.6, to be checked in after 3.12.5 is released.
Keywords: checkin-needed
Target Milestone: 3.12.6 → 3.12.8
Target Milestone: 3.12.8 → 3.12.9
Looks like this was forgotten?

I guess I should check this in now.
Checking in libpkix/pkix/checker/pkix_crlchecker.c;
/cvsroot/mozilla/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c,v  <--  pkix_crlchecker.c
new revision: 1.7; previous revision: 1.6
done
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
3.12 branch:

Checking in lib/libpkix/pkix/checker/pkix_crlchecker.c;
/cvsroot/mozilla/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c,v  <--  pkix_crlchecker.c
new revision: 1.6.6.1; previous revision: 1.6
done
Target Milestone: 3.12.9 → 3.12.10
Keywords: checkin-needed
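
The ordering the bug description asks for, as an added example that is not NSS or libpkix code: decode the CRL issuer's keyUsage extension and decide whether to fetch before any CRLDP download is attempted. The function names and the sample byte strings are constructed for illustration; treating an absent extension as permitted follows RFC 5280 section 6.3.3 (f), and refusing on a malformed extension is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* KeyUsage bit 6 (cRLSign, RFC 5280 section 4.2.1.3) is mask 0x02 in the
 * first content byte of the DER BIT STRING. */
#define CRL_SIGN_MASK 0x02

enum crl_fetch_decision { CRL_FETCH_ALLOWED = 0, CRL_FETCH_REFUSED = 1 };

/* Constructed sample keyUsage values (DER BIT STRING: tag, length, unused bits, data). */
static const uint8_t KU_CA[]  = {0x03, 0x02, 0x01, 0x06}; /* keyCertSign | cRLSign */
static const uint8_t KU_TLS[] = {0x03, 0x02, 0x05, 0xA0}; /* digitalSignature | keyEncipherment */
static const uint8_t KU_BAD[] = {0x03, 0x05, 0x01, 0x06}; /* declared length overruns the buffer */

/* Returns 1 if cRLSign is asserted, 0 if it is not, -1 if the encoding is malformed. */
int ku_has_crl_sign(const uint8_t *der, size_t len)
{
    if (der == NULL || len < 3 || der[0] != 0x03)
        return -1;
    size_t body = der[1];                 /* keyUsage always fits short-form length */
    if (body < 1 || body >= 0x80 || body + 2 != len)
        return -1;
    uint8_t unused = der[2];
    if (unused > 7 || (body == 1 && unused != 0))
        return -1;
    if (body == 1)
        return 0;                         /* empty bit string: no usage asserted */
    if (body == 2 && unused > 1)
        return 0;                         /* bit 6 lies in the unused tail */
    return (der[3] & CRL_SIGN_MASK) ? 1 : 0;
}

/* Called before the download. ku == NULL means the issuer certificate has no
 * keyUsage extension. Malformed input fails closed, so nothing is fetched. */
enum crl_fetch_decision crldp_fetch_decision(const uint8_t *ku, size_t ku_len)
{
    if (ku == NULL)
        return CRL_FETCH_ALLOWED;
    return ku_has_crl_sign(ku, ku_len) == 1 ? CRL_FETCH_ALLOWED : CRL_FETCH_REFUSED;
}

int main(void)
{
    printf("CA issuer:        %s\n", crldp_fetch_decision(KU_CA, sizeof KU_CA) ? "refuse" : "fetch");
    printf("TLS-only issuer:  %s\n", crldp_fetch_decision(KU_TLS, sizeof KU_TLS) ? "refuse" : "fetch");
    printf("malformed usage:  %s\n", crldp_fetch_decision(KU_BAD, sizeof KU_BAD) ? "refuse" : "fetch");
    printf("no keyUsage ext:  %s\n", crldp_fetch_decision(NULL, 0) ? "refuse" : "fetch");
    return 0;
}
```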