Closed Bug 921893 Opened 6 years ago Closed 6 years ago

Verify certificate key usage extension in insanity::pkix

Categories

(Core :: Security: PSM, defect)

Tracking

RESOLVED FIXED
mozilla30
Tracking Status
firefox29 --- fixed
firefox30 --- fixed

People

(Reporter: briansmith, Assigned: briansmith)

Attachments

(1 file)

No description provided.
Comment on attachment 8370953 [details] [diff] [review]
Verify key usage extension in insanity::pkix

Review of attachment 8370953 [details] [diff] [review]:
-----------------------------------------------------------------

Cool.

::: security/insanity/lib/pkixcheck.cpp
@@ +63,5 @@
> +  }
> +
> +  SECItem tmpItem;
> +  Result rv = MapSECStatus(SEC_QuickDERDecodeItem(arena, &tmpItem,
> +                              SEC_ASN1_GET(SEC_BitStringTemplate),
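
Review bot: `SECItem tmpItem;` is handed to `SEC_QuickDERDecodeItem` without being initialized; consider `SECItem tmpItem = { siBuffer, nullptr, 0 };` so that its fields are defined on every path, including the one where the decode fails and `rv` carries the error. Because the template is `SEC_BitStringTemplate`, the decoded `tmpItem.len` is a count of bits rather than bytes, so a short comment next to the call saying so, plus a check that the length is nonzero before any byte of `tmpItem.data` is read, would make the key usage check easier to audit.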

The indentation here is a bit of a bummer. Maybe have an intermediate variable, assign it the result of SEC_QuickDERDecodeItem, and MapSECStatus that result? Ugh. That probably won't work because of SEC_ASN1_GET(SEC_BitStringTemplate), though... Oh, well. No big deal if this doesn't look super pretty.
Attachment #8370953 - Flags: review?(dkeeler) → review+
Attachment #8370953 - Flags: review?(cviecco) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/e550cbd8d393
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla30
https://hg.mozilla.org/mozilla-central/rev/e550cbd8d393
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Comment on attachment 8370953 [details] [diff] [review]
Verify key usage extension in insanity::pkix

[Approval Request Comment]
See bug 878932 comment 37.
Attachment #8370953 - Flags: approval-mozilla-aurora?
Comment on attachment 8370953 [details] [diff] [review]
Verify key usage extension in insanity::pkix

Uplift granted to the patches related to the new feature: "Add insanity::pkix as certificate verification option"
Lukas and I discussed with Brian and we think it is important to have this feature for 29 (but disabled by default).
It is early in the aurora process and they have plenty of tests for this feature (and to make sure that the current behaviors are still performing correctly).
Attachment #8370953 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+