Open Bug 699884 Opened 11 years ago Updated 9 years ago

Add option to CERT_PKIXVerifyCert to ignore end-entity validity dates (notBefore/notAfter)


(NSS :: Libraries, enhancement)

Not set


(Not tracked)



(Reporter: briansmith, Unassigned)


Similar work was done on a per-certificate basis in bug 390530. However, in Firefox, we would like to control this behavior on a per-validation, not per-certificate basis.

My plan is to add a cert_pi_ignoreEEValidityDates option to CERT_PKIXVerifyCert. When this option is given, then CERT_PKIXVerifyCert would act as if the EE certifiate had timeOK == PR_TRUE.
Since this touches the same files as bug 764973, shall I make this dependant on that one (in my personal queue) ie:
Which would probably land first? (working now on the assumtion that 764973 will land first).
Based on our conversation today, this is not a blocker for bug 699874.
No longer blocks: 699874
Priority: P1 → --
Target Milestone: 3.13.2 → ---
Assignee: brian → nobody
You need to log in before you can comment on or make changes to this bug.