Bug 554425 (Closed)
Opened 15 years ago, closed 15 years ago
Remove support for Netscape SSL server names (SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME)
Categories: NSS :: Libraries, enhancement, P2
Tracking: Not tracked
Status: RESOLVED FIXED (3.12.7)
People: Reporter: matt, Assigned: nelson
Attachments: 1 file, 1 obsolete file
1.34 KB patch (rrelyea: review+, matt: review+)

NSS currently recognizes a Netscape SSL server name (SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME) in a certificate as an authorized hostname, overriding the common name. According to bug 394919 comment #38, no one is using this feature and it can just be removed. That will make our lives slightly easier in bug 394919.

Updated by Assignee • 15 years ago
Blocks: 394919
Severity: normal → enhancement
Priority: -- → P2
Target Milestone: --- → 3.12.7
Version: unspecified → trunk

Comment 1 (Assignee) • 15 years ago
Pretty simple.
Bob, please review.
Attachment #435486 - Flags: review?(rrelyea)

Comment 2 • 15 years ago
Comment on attachment 435486: Patch v1 for NSS Trunk
r+ rrelyea
Attachment #435486 - Flags: review?(rrelyea) → review+

Comment 3 (Reporter) • 15 years ago
Comment on attachment 435486: Patch v1 for NSS Trunk
There are two places where the SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME is used as a server name:
https://mxr.mozilla.org/mozilla/ident?i=SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME&filter=security%2Fnss
You missed the important one, in CERT_VerifyCertName. CERT_GetValidDNSPatternsFromCert is not used yet (see bug 411246).

Comment 4 (Assignee) • 15 years ago
Glad you caught that Matt, so I'll invite you to review this patch.
Attachment #435486 - Attachment is obsolete: true
Attachment #436423 - Flags: review?(matt)

Updated by Assignee • 15 years ago
Attachment #436423 - Flags: review?(rrelyea)

Comment 5 (Reporter) • 15 years ago
Comment on attachment 436423: Patch v2 for NSS trunk
The patch looks correct, though I haven't actually tested it (I am still setting up my Mozilla development environment).
Attachment #436423 - Flags: review+

Updated by Reporter • 15 years ago
Attachment #436423 - Flags: review?(matt)

Comment 6 • 15 years ago
Comment on attachment 436423: Patch v2 for NSS trunk
r+ rrelyea
Attachment #436423 - Flags: review?(rrelyea) → review+

Comment 7 (Assignee) • 15 years ago
Bug 554425: Remove support for Netscape's SSL server name extension
r=rrelyea@redhat.com,matt@mattmccutchen.net
Checking in lib/certdb/certdb.c; new revision: 1.104; previous revision: 1.103
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
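
The behaviour change described in this bug, as an added example: a simplified model, not NSS code and not the attached patch. It follows the description's statement that the Netscape SSL server name extension, when present, overrode the common name. The struct, function names and hostnames are hypothetical, and subjectAltName and wildcard matching are left out.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified certificate: only the two fields this bug is about. */
struct toy_cert {
    const char *ns_ssl_server_name; /* Netscape SSL server name extension; NULL if absent */
    const char *common_name;        /* subject common name */
};

/* Case-insensitive exact match; wildcard patterns are out of scope for this model. */
static int host_eq(const char *a, const char *b) {
    if (a == NULL || b == NULL) return 0;
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b; /* equal only if both strings ended together */
}

/* Before the change: the extension, when present, overrides the common name. */
int verify_before(const struct toy_cert *c, const char *host) {
    const char *name = c->ns_ssl_server_name ? c->ns_ssl_server_name : c->common_name;
    return host_eq(name, host);
}

/* After the change: the extension is ignored and only the common name counts. */
int verify_after(const struct toy_cert *c, const char *host) {
    return host_eq(c->common_name, host);
}

/* 1 if removing the extension changes the verdict for this host (rollout impact check). */
int verdict_changes(const struct toy_cert *c, const char *host) {
    return verify_before(c, host) != verify_after(c, host);
}

/* Constructed sample certificates, not taken from any real deployment. */
static const struct toy_cert legacy = { "shop.example.test", "www.example.test" };
static const struct toy_cert plain  = { NULL, "www.example.test" };

int main(void) {
    const char *hosts[] = { "shop.example.test", "WWW.example.test" };
    for (size_t i = 0; i < 2; i++)
        printf("%-18s legacy cert: before=%d after=%d | plain cert changed=%d\n", hosts[i],
               verify_before(&legacy, hosts[i]), verify_after(&legacy, hosts[i]),
               verdict_changes(&plain, hosts[i]));
    return 0;
}
```

For a certificate that carries the extension, the verdict flips in both directions: the extension's name stops matching and the common name starts matching.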