Open Bug 989051 Opened 6 years ago Updated 2 years ago

mozilla::pkix does not process the id-ce-inhibitAnyPolicy extension correctly.

Categories

(Core :: Security: PSM, defect, P3)

x86_64
Linux
defect

Tracking

()

People

(Reporter: cviecco, Unassigned)

References

Details

(Whiteboard: [psm-backlog])

Since we allow anyPolicy for EV validation, we should also handle the case where inhibitanypolicyoid is found.
cviecco says that this extension rarely to never shows up in the wild, and the fallback is to not show the EV indicator so the current behavior is both safe and low-priority to fix.
No longer blocks: mozilla::pkix-beta
Summary: (mozilla::pkix) Should handle the Inhibit anyPolicy x509 extensions → mozilla::pkix does not process the id-ce-inhibitAnyPolicy extension correctly.
You need to log in before you can comment on or make changes to this bug.