Certificate Viewer only displays the first CRL Distribution Point location

RESOLVED WONTFIX


Core
Security: PSM
RESOLVED WONTFIX
7 years ago
2 years ago

People

(Reporter: Ryan Sleevi, Unassigned)


Details

(Whiteboard: [psm-crl], URL)

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
Created attachment 493562 [details]
Screen shot showing the bug

When viewing a certificate with a CRL Distribution Point extension which contains multiple GeneralNames in the fullName field of the DistributionPointName, only the first GeneralName is displayed.

According to RFC 3280, the fullName field is defined as GeneralNames:

DistributionPointName ::= CHOICE {
     fullName                [0]     GeneralNames,
     nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }

and GeneralNames is defined as a SEQUENCE of GeneralName:

GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName

The root cause is found in nsNSSCertHelper.cpp, as it is calling ProcessGeneralName, which processes a single GeneralName, rather than ProcessGeneralNames.

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/manager/ssl/src/nsNSSCertHelper.cpp&rev=1.38&mark=1479,1454#1454

The problem is resolved by updating the highlighted call to ProcessGeneralNames.
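
The gap between decoding one GeneralName and iterating the whole GeneralNames SEQUENCE, shown as an added example that is not part of the original report and is not NSS or PSM code: a minimal DER walker in C over a constructed CRLDistributionPoints value. The names `tlv`, `crldp_uris`, the `first_only` flag and the sample bytes are hypothetical, and the walker assumes the usual encoding (explicit [0] around the DistributionPointName CHOICE, implicit [0] for fullName, [6] for a URI name).

```c
#include <stdio.h>
#include <string.h>
typedef const unsigned char *bytes;
/* Constructed sample: one DistributionPoint, fullName with two URI names. */
static const unsigned char SAMPLE[] = "\x30\x2e\x30\x2c\xa0\x2a\xa0\x28"
    "\x86\x12" "http://a.example/1" "\x86\x12" "ldap://b.example/2";
/* Read one DER TLV from p (n bytes left); returns bytes consumed, 0 on error. */
static size_t tlv(bytes p, size_t n, unsigned char *tag, bytes *val, size_t *len)
{
    size_t hdr = 2, l;
    if (n < 2) return 0;
    l = p[1];
    if (l == 0x81) { if (n < 3) return 0; l = p[2]; hdr = 3; }
    else if (l & 0x80) return 0;      /* longer length encodings rejected here */
    if (l > n - hdr) return 0;        /* value must fit in the enclosing buffer */
    *tag = p[0]; *val = p + hdr; *len = l;
    return hdr + l;
}

/* Collect URI names from each fullName; first_only=1 reads one GeneralName. */
int crldp_uris(bytes ext, size_t n, int first_only, char out[][64], int max)
{
    unsigned char t; bytes dps, dp, dpn, gns, gn; int count = 0;
    size_t dpsl, dpl, dpnl, gnsl, gnl, used;
    if (!tlv(ext, n, &t, &dps, &dpsl) || t != 0x30) return -1;
    while (dpsl) {                    /* each DistributionPoint */
        if (!(used = tlv(dps, dpsl, &t, &dp, &dpl)) || t != 0x30) return -1;
        dps += used; dpsl -= used;
        if (!tlv(dp, dpl, &t, &dpn, &dpnl)) return -1;
        if (t != 0xa0) continue;      /* no distributionPoint [0] field */
        if (!tlv(dpn, dpnl, &t, &gns, &gnsl)) return -1;
        if (t != 0xa0) continue;      /* nameRelativeToCRLIssuer [1] */
        while (gnsl) {                /* each GeneralName in fullName [0] */
            if (!(used = tlv(gns, gnsl, &t, &gn, &gnl))) return -1;
            gns += used; gnsl -= used;
            if (t == 0x86 && gnl < 64 && count < max)   /* URI [6] */
                snprintf(out[count++], 64, "%.*s", (int)gnl, (const char *)gn);
            if (first_only) break;    /* single-GeneralName behaviour */
        }
    }
    return count;
}

int main(void)
{
    char names[4][64];
    int i, n = crldp_uris(SAMPLE, sizeof SAMPLE - 1, 0, names, 4);
    for (i = 0; i < n; i++) puts(names[i]);
    return 0;
}
```

With `first_only` set, the same input yields only the first location, so a reviewer inspecting the certificate would not see the second one.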
(Reporter)

Updated

7 years ago
OS: Windows 7 → All
Hardware: x86 → All

Comment 1

7 years ago
Thanks for the bug report.  We should take the
opportunity to review other related code in NSS:
http://mxr.mozilla.org/security/ident?i=distPoint
http://mxr.mozilla.org/security/ident?i=fullName
http://mxr.mozilla.org/security/ident?i=derFullName

Also, we should add a new enum constant 'generalNames'
and deprecate the original enum constant 'generalName':

http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/certdb/certt.h&rev=1.54&mark=731#727

typedef enum DistributionPointTypesEnum {
    generalNames = 1,                    /* only support this for now */
    generalName = generalNames,          /* deprecated */
    relativeDistinguishedName = 2
} DistributionPointTypes;

Updated

7 years ago
Whiteboard: [psm-crl]
Support for CRLs was removed. I don't think it's important to fix this in the certificate viewer.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX