Verify certificate key usage extension in insanity::pkix

RESOLVED FIXED in Firefox 29

People

(Reporter: briansmith, Assigned: briansmith)

Tracking

Trunk
mozilla30

Firefox Tracking Flags

(firefox29 fixed, firefox30 fixed)

Attachments

(1 attachment)

Depends on: 921892
Created attachment 8370953 [details] [diff] [review]
Verify key usage extension in insanity::pkix
Attachment #8370953 - Flags: review?(dkeeler)
Attachment #8370953 - Flags: review?(cviecco)
Comment on attachment 8370953 [details] [diff] [review]
Verify key usage extension in insanity::pkix

Review of attachment 8370953 [details] [diff] [review]:
-----------------------------------------------------------------

Cool.

::: security/insanity/lib/pkixcheck.cpp
@@ +63,5 @@
> +  }
> +
> +  SECItem tmpItem;
> +  Result rv = MapSECStatus(SEC_QuickDERDecodeItem(arena, &tmpItem,
> +                              SEC_ASN1_GET(SEC_BitStringTemplate),
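
Review bot: `SECItem tmpItem;` is declared without an initializer and is then passed as the decode destination in the `SEC_QuickDERDecodeItem` call; consider zero-initializing it, and make sure nothing reads `tmpItem` until `rv` has been compared against `Success`, since the quoted lines stop before any such check. Because the template is `SEC_BitStringTemplate`, a short comment stating the unit in which `tmpItem.len` is expressed after decoding would also help whoever maintains the code that consumes it.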

The indentation here is a bit of a bummer. Maybe have an intermediate variable, assign it the result of SEC_QuickDERDecodeItem, and MapSECStatus that result? Ugh. That probably won't work because of SEC_ASN1_GET(SEC_BitStringTemplate), though... Oh, well. No big deal if this doesn't look super pretty.
Attachment #8370953 - Flags: review?(dkeeler) → review+
Attachment #8370953 - Flags: review?(cviecco) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/e550cbd8d393
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla30
https://hg.mozilla.org/mozilla-central/rev/e550cbd8d393
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
See Also: → bug 550052
Comment on attachment 8370953 [details] [diff] [review]
Verify key usage extension in insanity::pkix

[Approval Request Comment]
See bug 878932 comment 37.
Attachment #8370953 - Flags: approval-mozilla-aurora?
Comment on attachment 8370953 [details] [diff] [review]
Verify key usage extension in insanity::pkix

Uplift granted to the patches related to the new feature: "Add insanity::pkix as certificate verification option"
Lukas and I discussed with Brian and we think it is important to have this feature for 29 (but disabled by default).
It is early in the aurora process and they have plenty of tests for this feature (and to make sure that the current behaviors are still performing correctly).
Attachment #8370953 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
status-firefox30: --- → fixed