Closed Bug 620960 Opened 14 years ago Closed 12 years ago

Runtime configuration (enabled/disabled) for fetching intermediate CA certs

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Version:
3.13
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: KaiE, Unassigned)

References

Details

Bug 399324 proposes that automatic fetching of intermediate CA certs using pointers in AIA extensions is a privacy concern.

In case NSS decides to do it anyway by default, then bug 399324 comment 68 proposes that users should be able to disable automatic fetching.

As automatic fetching of intermediate certs would probably be triggered by NSS, this would require NSS support for either enabling or disabling this feature.

It could be implemented either using a global configuration flag, or a "ask for permission" callback.
This pref was added in bug 479393.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Oops, this is an NSS bug, not a PSM bug.

Perhaps WONTFIX is the better resolution here. The application can fully control this feature on a per-validation basis by using libpkix, as demonstrated by Kai's patch for Gecko in bug 479393.

Feel free to re-open if there is more work needed for this.
You need to log in before you can comment on or make changes to this bug.