Closed Bug 553512 Opened 11 years ago Closed 11 years ago

SEC_OID_X509_ANY_POLICY should not be an UNSUPPORTED_CERT_EXTENSION

Categories

(NSS :: Libraries, defect)

3.12.4
defect
Not set
minor

Tracking

(Not tracked)

RESOLVED FIXED
3.12.7

People

(Reporter: wtc, Assigned: wtc)

Details

Attachments

(1 file)

Attached patch Proposed patchSplinter Review
In NSS 3.12.4, SEC_OID_X509_ANY_POLICY was added (bug 391434).

    OD( x509CertificatePoliciesAnyPolicy, SEC_OID_X509_ANY_POLICY,
 	"Certificate Policies AnyPolicy",
        CKM_INVALID_MECHANISM, UNSUPPORTED_CERT_EXTENSION ),

Since anyPolicy is not a certificate extension, it should be
INVALID_CERT_EXTENSION rather than UNSUPPORTED_CERT_EXTENSION.

See the following examples of adding certificate policy OIDs:

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/cmd/vfychain/vfychain.c&rev=1.30&mark=643,645,661#638

PSM adds EV certificate policy OIDs:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/manager/ssl/src/nsIdentityChecking.cpp&rev=1.26&mark=432-433#420
Attachment #433502 - Flags: review?(alexei.volkov.bugs)
Comment on attachment 433502 [details] [diff] [review]
Proposed patch

r=alexei
Attachment #433502 - Flags: review?(alexei.volkov.bugs) → review+
I checked in the patch on the NSS trunk (NSS 3.12.7).

Checking in secoid.c;
/cvsroot/mozilla/security/nss/lib/util/secoid.c,v  <--  secoid.c
new revision: 1.57; previous revision: 1.56
done
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.