6791 – Patch - Mozilla NSS - cert verify uses incorrect values

Issue 6791 - Patch - Mozilla NSS - cert verify uses incorrect values

Summary: Patch - Mozilla NSS - cert verify uses incorrect values

Status:	VERIFIED FIXED

Alias:	None

Product:	OpenLDAP
Classification:	Unclassified
Component:	slapd (show other issues)
Version:	unspecified
Hardware:	All All

Importance:	--- normal
Target Milestone:	---
Assignee:	OpenLDAP project

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-01-15 00:13 UTC by rich.megginson@gmail.com
Modified:	2014-08-01 21:04 UTC (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.

Description rich.megginson@gmail.com 2011-01-15 00:13:50 UTC

Full_Name: Rich Megginson
Version: 2.4.23 (current CVS HEAD)
OS: RHEL6
URL: ftp://ftp.openldap.org/incoming/openldap-2.4.23-cert-verify-uses-incorrect-values-20110114.patch
Submission from: (NULL) (76.113.111.209)


The cert verify routines were using type SECCertUsage instead of type
SECCertificateUsage.  The values are similar, and this was causing verify errors
of SEC_ERROR_INADEQUATE_KEY_USAGE and SEC_ERROR_INADEQUATE_CERT_TYPE.  MozNSS
only checks the usage if the cert includes the usage extensions which is why I
didn't see this error earlier.

These patch files are derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following
patch(es) were developed by Red Hat. Red Hat has not assigned rights
and/or interest in this work to any party. I, Rich Megginson am
authorized by Red Hat, my employer, to release this work under the
following terms.

Red Hat hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose
with or without attribution and/or other notice.

Comment 1 Howard Chu 2011-01-27 12:34:48 UTC

changed notes
changed state Open to Test
moved from Incoming to Software Bugs

Comment 2 Quanah Gibson-Mount 2011-01-27 12:53:40 UTC

changed notes
changed state Test to Release

Comment 3 Howard Chu 2011-01-27 20:35:18 UTC

rmeggins@redhat.com wrote:
> Full_Name: Rich Megginson
> Version: 2.4.23 (current CVS HEAD)
> OS: RHEL6
> URL: ftp://ftp.openldap.org/incoming/openldap-2.4.23-cert-verify-uses-incorrect-values-20110114.patch
> Submission from: (NULL) (76.113.111.209)
>
>
> The cert verify routines were using type SECCertUsage instead of type
> SECCertificateUsage.  The values are similar, and this was causing verify errors
> of SEC_ERROR_INADEQUATE_KEY_USAGE and SEC_ERROR_INADEQUATE_CERT_TYPE.  MozNSS
> only checks the usage if the cert includes the usage extensions which is why I
> didn't see this error earlier.

Talk about confusing ... committed to HEAD, thanks.
>
> These patch files are derived from OpenLDAP Software. All of the
> modifications to OpenLDAP Software represented in the following
> patch(es) were developed by Red Hat. Red Hat has not assigned rights
> and/or interest in this work to any party. I, Rich Megginson am
> authorized by Red Hat, my employer, to release this work under the
> following terms.
>
> Red Hat hereby place the following modifications to OpenLDAP Software
> (and only these modifications) into the public domain. Hence, these
> modifications may be freely used and/or redistributed for any purpose
> with or without attribution and/or other notice.
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Comment 4 Quanah Gibson-Mount 2011-02-14 12:42:48 UTC

changed notes
changed state Release to Closed

Comment 5 OpenLDAP project 2014-08-01 21:04:33 UTC

fixed in HEAD
Fixed in RE24