Closed
Bug 91407
Opened 23 years ago
Closed 23 years ago
PSM does not import certificate chain more than 1 level
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.1
People
(Reporter: thomask, Assigned: javi)
References
()
Details
Attachments
(1 file)
17.54 KB,
patch
|
Details | Diff | Splinter Review |
I have setup a CMS4.2SP2, and have installed NS6.1PR1. I went to CMS's end-user Retrieval > Import CA Certificate Chain page. And Selected "Import the CA Certificate chain into your browser". Now, this is a subordinate CA. Its chains contains the subordinate CA's certificate and also the root CA's certificate. PSM only imported the subordinate-CA certificate. (FYI, the old browser, communicator 4.7 without PSM would only import the root certificate). The correct behaviour is to import both certificates.
Updated•23 years ago
|
Assignee: ssaux → javi
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P1
Target Milestone: --- → 2.1
Comment 1•23 years ago
|
||
junruh. We don't seem to have a certificate chain on your test environment that has more than one level. P1 t->2.1 ->javi
Comment 2•23 years ago
|
||
Reporter, can you try this again with today's build? I believe that this was fixed with bug 84201.
Just setup a sub ca, and use the latest PSM (07-20). Problem persists. http://192.18.121.247:1024/GetCAChain.html
Comment 4•23 years ago
|
||
I've added a test to import a subordinate root CA at http://junruh.mcom.com/tests.html under "Get Roots CAs"
Comment 5•23 years ago
|
||
adding nsenterprise to all P1, P2 PSM bugs with target milestone of 2.1
Keywords: nsenterprise
Assignee | ||
Comment 6•23 years ago
|
||
The test site is no longer up, can we get a permanent test site deplyed to test against?
Assignee | ||
Comment 8•23 years ago
|
||
We've got an internal site that has a multiple cert chain. http://juggler.red.iplanet.com:81/ This is how I see the bug right now: CMS sends us PKCS 7 signed blob, but sends the mime type of application/x-x509-ca-cert. PSM interprets this to mean only *one* CA is about to be delivered. Is the application/x-x509-ca-cert always a PKCS7 Signed blob? If so, then we have to make our code smarter. If not, then there's a bigger problem that will required changes to both CMS and the client.
Updated•23 years ago
|
Keywords: nsenterprise → nsenterprise+
Assignee | ||
Comment 9•23 years ago
|
||
Comment 11•23 years ago
|
||
r=ddrinan.
Assignee | ||
Comment 12•23 years ago
|
||
Have been trying to get this super reviewed since Friday. Just sent a request to tor asking for a review.
Comment 13•23 years ago
|
||
sr=tor
Assignee | ||
Comment 14•23 years ago
|
||
patch checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•23 years ago
|
Comment 15•23 years ago
|
||
Marking VERIFIED FIXED on: - MacOS91 2001-08-22-08-trunk (commercial) - MacOS_X 2001-08-22-05-trunk (mozilla) - LinRH62 2001-08-22-08-trunk (commercial) - Win98SE 2001-08-22-06-trunk (commercial)
Status: RESOLVED → VERIFIED
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•