[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#6791) Patch - Mozilla NSS - cert verify uses incorrect values

To: openldap-its@OpenLDAP.org
Subject: (ITS#6791) Patch - Mozilla NSS - cert verify uses incorrect values
From: rmeggins@redhat.com
Date: Sat, 15 Jan 2011 00:13:50 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

Full_Name: Rich Megginson
Version: 2.4.23 (current CVS HEAD)
OS: RHEL6
URL: ftp://ftp.openldap.org/incoming/openldap-2.4.23-cert-verify-uses-incorrect-values-20110114.patch
Submission from: (NULL) (76.113.111.209)


The cert verify routines were using type SECCertUsage instead of type
SECCertificateUsage.  The values are similar, and this was causing verify errors
of SEC_ERROR_INADEQUATE_KEY_USAGE and SEC_ERROR_INADEQUATE_CERT_TYPE.  MozNSS
only checks the usage if the cert includes the usage extensions which is why I
didn't see this error earlier.

These patch files are derived from OpenLDAP Software. All of the
modifications to OpenLDAP Software represented in the following
patch(es) were developed by Red Hat. Red Hat has not assigned rights
and/or interest in this work to any party. I, Rich Megginson am
authorized by Red Hat, my employer, to release this work under the
following terms.

Red Hat hereby place the following modifications to OpenLDAP Software
(and only these modifications) into the public domain. Hence, these
modifications may be freely used and/or redistributed for any purpose
with or without attribution and/or other notice.

Prev by Date: (ITS#6790) Patch - Mozilla NSS - fix default cipher suite list
Next by Date: (ITS#6792) rwm with broken config suppresses LDAP response
Index(es):
- Chronological
- Thread