Open Bug 699884 Opened 11 years ago Updated 9 years ago

Add option to CERT_PKIXVerifyCert to ignore end-entity validity dates (notBefore/notAfter)

Tracking

(Not tracked)

Status:

ASSIGNED

People

(Reporter: briansmith, Unassigned)

Details

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Reporter

Description

•

11 years ago

Similar work was done on a per-certificate basis in bug 390530. However, in Firefox, we would like to control this behavior on a per-validation, not per-certificate basis.

My plan is to add a cert_pi_ignoreEEValidityDates option to CERT_PKIXVerifyCert. When this option is given, then CERT_PKIXVerifyCert would act as if the EE certifiate had timeOK == PR_TRUE.

Camilo Viecco (:cviecco)

Comment 1

•

10 years ago

Since this touches the same files as bug 764973, shall I make this dependant on that one (in my personal queue) ie:
Which would probably land first? (working now on the assumtion that 764973 will land first).

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Reporter

Comment 2

•

10 years ago

Based on our conversation today, this is not a blocker for bug 699874.

No longer blocks: 699874

Priority: P1 → --

Target Milestone: 3.13.2 → ---

Brian Smith (:briansmith, :bsmith, use NEEDINFO?)

Reporter

Updated

•

9 years ago

Assignee: brian → nobody

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Add option to CERT_PKIXVerifyCert to ignore end-entity validity dates (notBefore/notAfter)

Categories

(NSS :: Libraries, enhancement)

Tracking

(Not tracked)

People

(Reporter: briansmith, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Updated