Add option to CERT_PKIXVerifyCert to ignore end-entity validity dates (notBefore/notAfter)

ASSIGNED
Unassigned

Status

NSS
Libraries
--
enhancement
ASSIGNED
7 years ago
5 years ago

People

(Reporter: briansmith, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Similar work was done on a per-certificate basis in bug 390530. However, in Firefox, we would like to control this behavior on a per-validation, not per-certificate basis.

My plan is to add a cert_pi_ignoreEEValidityDates option to CERT_PKIXVerifyCert. When this option is given, then CERT_PKIXVerifyCert would act as if the EE certifiate had timeOK == PR_TRUE.
Since this touches the same files as bug 764973, shall I make this dependant on that one (in my personal queue) ie:
Which would probably land first? (working now on the assumtion that 764973 will land first).
Based on our conversation today, this is not a blocker for bug 699874.
No longer blocks: 699874
Priority: P1 → --
Target Milestone: 3.13.2 → ---
Assignee: brian → nobody
You need to log in before you can comment on or make changes to this bug.