Closed
Bug 527508
Opened 15 years ago
Closed 13 years ago
libpkix: need to check crl issuer key usages before downloading a crl using CRLDP
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.10
People
(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)
Details
(Whiteboard: PKIX)
Attachments
(1 file)
848 bytes,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
Current code in pkix_crlchecker.c does not verify key usage on the issuer cert at all. The verification is done only inside of a crlcache after an attempt to import a crl.
Attachment #411236 -
Flags: review?(nelson)
Assignee | ||
Updated•15 years ago
|
Whiteboard: PKIX
Updated•15 years ago
|
Target Milestone: 3.12.1 → 3.12.6
Comment 1•15 years ago
|
||
Did all.sh pass with this patch in place?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Assignee | ||
Comment 2•15 years ago
|
||
all.sh passed.
Updated•15 years ago
|
Attachment #411236 -
Flags: review?(nelson) → review+
Comment 3•15 years ago
|
||
Comment on attachment 411236 [details] [diff] [review] check key usage of the crl issuer cert r=nelson for 3.12.6, to be checked in after 3.12.5 is released.
Updated•14 years ago
|
Keywords: checkin-needed
Target Milestone: 3.12.6 → 3.12.8
Updated•14 years ago
|
Target Milestone: 3.12.8 → 3.12.9
Comment 4•13 years ago
|
||
Look like this was forgotten? I guess I should check this in now.
Comment 5•13 years ago
|
||
Checking in libpkix/pkix/checker/pkix_crlchecker.c; /cvsroot/mozilla/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c,v <-- pkix_crlchecker.c new revision: 1.7; previous revision: 1.6 done
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 6•13 years ago
|
||
3.12 branch: Checking in lib/libpkix/pkix/checker/pkix_crlchecker.c; /cvsroot/mozilla/security/nss/lib/libpkix/pkix/checker/pkix_crlchecker.c,v <-- pkix_crlchecker.c new revision: 1.6.6.1; previous revision: 1.6 done
Target Milestone: 3.12.9 → 3.12.10
Updated•13 years ago
|
Keywords: checkin-needed
You need to log in
before you can comment on or make changes to this bug.
Description
•