Closed Bug 943624 Opened 8 years ago Closed 5 years ago

Extend OCSP stapling tests to verify support for SHA-2 (SHA-256, SHA-384) signatures

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: briansmith, Unassigned)

References

Details

I made a comment about the limitations of our SHA-2 support, intending to reference bug 663315, that made some people concerned about our support for verifying ocsp responses that were signed using SHA-2 signatures.

We should add some tests that use SHA-2 based certificates, to reassure CABForum that we correctly support SHA-2-signed OCSP responses.
Our tests currently only use sha-2 based signatures: https://dxr.mozilla.org/mozilla-central/rev/c67dc1f9fab86d4f2cf3224307809c44fe3ce820/security/pkix/test/lib/pkixtestutil.cpp#154
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.