[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#6791) Patch - Mozilla NSS - cert verify uses incorrect values

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#6791) Patch - Mozilla NSS - cert verify uses incorrect values
From: hyc@symas.com
Date: Thu, 27 Jan 2011 20:35:49 GMT
Auto-submitted: auto-generated (OpenLDAP-ITS)

rmeggins@redhat.com wrote:
> Full_Name: Rich Megginson
> Version: 2.4.23 (current CVS HEAD)
> OS: RHEL6
> URL: ftp://ftp.openldap.org/incoming/openldap-2.4.23-cert-verify-uses-incorrect-values-20110114.patch
> Submission from: (NULL) (76.113.111.209)
>
>
> The cert verify routines were using type SECCertUsage instead of type
> SECCertificateUsage.  The values are similar, and this was causing verify errors
> of SEC_ERROR_INADEQUATE_KEY_USAGE and SEC_ERROR_INADEQUATE_CERT_TYPE.  MozNSS
> only checks the usage if the cert includes the usage extensions which is why I
> didn't see this error earlier.

Talk about confusing ... committed to HEAD, thanks.
>
> These patch files are derived from OpenLDAP Software. All of the
> modifications to OpenLDAP Software represented in the following
> patch(es) were developed by Red Hat. Red Hat has not assigned rights
> and/or interest in this work to any party. I, Rich Megginson am
> authorized by Red Hat, my employer, to release this work under the
> following terms.
>
> Red Hat hereby place the following modifications to OpenLDAP Software
> (and only these modifications) into the public domain. Hence, these
> modifications may be freely used and/or redistributed for any purpose
> with or without attribution and/or other notice.
>


-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

Prev by Date: (ITS#6807) syncrepl sends incomplete sync cookie in MMR
Next by Date: (ITS#6808) pcache monitoring cleanup needs monitor entry DN
Index(es):
- Chronological
- Thread