[Date Prev][Date Next]
(ITS#6998) MozNSS: when server certificate is not required, ignore expired issuer errors
- To: openldap-its@OpenLDAP.org
- Subject: (ITS#6998) MozNSS: when server certificate is not required, ignore expired issuer errors
- From: firstname.lastname@example.org
- Date: Wed, 20 Jul 2011 17:05:07 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Full_Name: Jan Vcelak
Submission from: (NULL) (18.104.22.168)
When the server certificate validity is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), expired certificate of the issuer of the server
certificate causes the connection to be terminated.
Uploaded patch fixes this by adding SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE error
to the list of ignored errors, when the certificate is not being checked. The
patch is created against OPENLDAP_REL_ENG_2_4 branch.