Open Bug 985025 Opened 6 years ago Updated 2 years ago

mozilla::pkix: do not accept the presence of pathLenConstraint in EE basic constraints extensions

Categories

(Core :: Security: PSM, defect, P3)

People

(Reporter: keeler, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [psm-backlog])

+++ This bug was initially created as a clone of Bug #985021 +++

According to RFC 5280 section 4.2.1.9:

   CAs MUST NOT include the pathLenConstraint field unless the cA
   boolean is asserted and the key usage extension asserts the
   keyCertSign bit.

This is the bug where we undo bug 985021 (i.e. we no longer accept the pathLenConstraint in end-entity certificate basic constraints extensions).
Summary: mozpkix/insanity::pkix: do not accept the presence of pathLenConstraint in EE basic constraints extensions → mozpkix::pkix: do not accept the presence of pathLenConstraint in EE basic constraints extensions
Summary: mozpkix::pkix: do not accept the presence of pathLenConstraint in EE basic constraints extensions → mozilla::pkix: do not accept the presence of pathLenConstraint in EE basic constraints extensions
Whiteboard: [psm-backlog]
Priority: -- → P3
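
The check this bug asks for, sketched as an added example (not mozilla::pkix code and not from the bug's reporter). All names are hypothetical, the caller is assumed to supply keyCertSign from the certificate's key usage extension, and only short-form lengths and a one-byte pathLenConstraint are handled.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Added illustration; every name here is hypothetical, not mozilla::pkix API.
enum class Result { Ok, BadDER, PathLenNotAllowed };

// Reads one DER TLV with the expected tag (short-form length only).
static bool ReadTLV(const std::vector<uint8_t>& in, size_t& pos, uint8_t tag,
                    size_t& start, size_t& len) {
  if (pos + 2 > in.size() || in[pos] != tag || (in[pos + 1] & 0x80)) return false;
  start = pos + 2;
  len = in[pos + 1];
  if (len > in.size() - start) return false;
  pos = start + len;
  return true;
}

// Parses BasicConstraints ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE,
// pathLenConstraint INTEGER (0..MAX) OPTIONAL } and applies the
// RFC 5280 section 4.2.1.9 rule quoted in this bug.
Result CheckBasicConstraints(const std::vector<uint8_t>& der, bool keyCertSign) {
  size_t pos = 0, start = 0, len = 0;
  if (!ReadTLV(der, pos, 0x30, start, len) || pos != der.size()) return Result::BadDER;
  pos = start;  // step into the SEQUENCE contents
  bool isCA = false, hasPathLen = false;
  if (pos < der.size() && der[pos] == 0x01) {
    // DER: TRUE is 0xFF; FALSE is the default and must be omitted.
    if (!ReadTLV(der, pos, 0x01, start, len) || len != 1 || der[start] != 0xFF)
      return Result::BadDER;
    isCA = true;
  }
  if (pos < der.size()) {
    // Simplification: only a one-byte, non-negative pathLenConstraint.
    if (!ReadTLV(der, pos, 0x02, start, len) || len != 1 || (der[start] & 0x80))
      return Result::BadDER;
    hasPathLen = true;
  }
  if (pos != der.size()) return Result::BadDER;  // trailing data
  // The field may appear only on a CA certificate whose key usage
  // asserts keyCertSign; an end-entity certificate must not carry it.
  if (hasPathLen && !(isCA && keyCertSign)) return Result::PathLenNotAllowed;
  return Result::Ok;
}

int main() {
  // Constructed sample: end-entity extension with cA omitted, pathLen 0.
  const std::vector<uint8_t> ee = {0x30, 0x03, 0x02, 0x01, 0x00};
  return CheckBasicConstraints(ee, false) == Result::PathLenNotAllowed ? 0 : 1;
}
```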