Open
Bug 997994
Opened 10 years ago
Updated 2 years ago
mozilla::pkix: don't allow empty Extensions in OCSP responses
Categories
(Core :: Security: PSM, defect, P3)
Core
Security: PSM
Tracking
()
NEW
People
(Reporter: keeler, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [psm-backlog])
Attachments
(1 obsolete file)
In bug 991898, it became apparent that at least two responders are generating OCSP responses with empty Extensions. For compatibility, we're temporarily allowing that. This bug is to undo this.
Updated•10 years ago
|
No longer blocks: mozilla::pkix
Further break out some shared animation code.
Attachment #8409825 -
Flags: review?(lucasr.at.mozilla)
Assignee: nobody → michael.l.comella
Status: NEW → ASSIGNED
Comment on attachment 8409825 [details] [diff] [review] Part 2: Factor out animation code that runs on all devices. Sorry, bzexport typo.
Attachment #8409825 -
Attachment is obsolete: true
Attachment #8409825 -
Flags: review?(lucasr.at.mozilla)
Assignee: michael.l.comella → nobody
Status: ASSIGNED → NEW
Updated•10 years ago
|
Blocks: mozilla::pkix-CAs
Reporter | ||
Comment 3•8 years ago
|
||
Turns out, when we switched to decoding certificates with mozilla::pkix, we re-used the code that decodes optional extensions. So, currently mozilla::pkix allows certificates to have empty Extensions as well.
Reporter | ||
Updated•8 years ago
|
Whiteboard: [psm-backlog]
Reporter | ||
Updated•7 years ago
|
Priority: -- → P3
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•