Closed Bug 678675 Opened 13 years ago Closed 13 years ago

CERT_PKIXVerifyCert should create better CERTVerifyLog entries

Categories

(NSS :: Libraries, defect)

3.13
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 640892

People

(Reporter: KaiE, Unassigned)

References

Details

The error log returned by CERT_PKIXVerifyCert isn't helpful.
It seems, it's even wrong.

Using my experimental patch in bug 678610, I tested a site which has a certain broken setup:

root
- intermediate 1
  - intermediate 2
    - server cert

When requesting OCSP for any of the intermediates, the OCSP server returns different errors.

I have enabled "strict OCSP", but the error log doesn't point to these problems.

What I get is a log with a single entry that says:
  {"root", sec_error_revoked_certificate}
Blocks: 678610
Clarification:

My test attempts to verify the "server cert",
the verification failures happen with the "intermediate certs",
but error log reports a problem with "root".
Kai, thanks for the bug report.  This is a known bug.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.