Closed Bug 975777 Opened 6 years ago Closed 5 years ago

Active distrust is considered an overridable error

Categories

(Core :: Security: PSM, defect)

defect
Not set

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: briansmith, Unassigned)

References

Details

From my addition to test_cert_overrides.js in bug 975122:

  // XXX(Bug XXXXX): Active distrust is an overridable error when NSS-based
  // verification is used.
  add_distrust_override_test("tlsserver/default-ee.der",
                             "untrusted.example.com",
                             getXPCOMStatusFromNSS(SEC_ERROR_UNTRUSTED_CERT),
                             useInsanity
                                ? getXPCOMStatusFromNSS(SEC_ERROR_UNTRUSTED_CERT)
                                : Cr.NS_OK);

  // XXX(Bug XXXXX): Active distrust is an overridable error when NSS-based
  // verification is used.
  add_distrust_override_test("tlsserver/other-test-ca.der",
                             "untrustedissuer.example.com",
                             getXPCOMStatusFromNSS(SEC_ERROR_UNTRUSTED_ISSUER),
                             useInsanity
                                ? getXPCOMStatusFromNSS(SEC_ERROR_UNTRUSTED_ISSUER)
                                : Cr.NS_OK);

Since this bug is fixed, let's make it depend on insanity::pkix.
Fixed by switching to mozilla::pkix.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.