Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CRL check when CA miss CRLSign key usage #1006

Merged
merged 1 commit into from
May 20, 2024
Merged

Fix CRL check when CA miss CRLSign key usage #1006

merged 1 commit into from
May 20, 2024

Conversation

fmarco76
Copy link
Member

When CRLSign key usage is not present NSS crl check will consider the CRL source not present and skip the test. This is against the policy we want to implement.

This change force the need for the information source and the certificate will be marked as revoked if CRLSign is not present.

@fmarco76 fmarco76 requested a review from ladycfu May 15, 2024 13:18
@fmarco76 fmarco76 force-pushed the CC-CRLDP-CA-MissCRLSign branch from e23ed74 to 72260bc Compare May 15, 2024 17:28
@fmarco76
Fix CRL check when CA miss CRLSign key usage
1e3afde 
When CRLSign key usage is not present NSS crl check will consider
the CRL source not present and skip the test. This is against the policy
we want to implement.

This change force the need for the information source and the
certificate will be marked as revoked if CRLSign is not present.
@fmarco76 fmarco76 force-pushed the CC-CRLDP-CA-MissCRLSign branch from 72260bc to 1e3afde Compare May 16, 2024 12:57
@rjrelyea
Copy link
Member

Just verifying, this patch looks good to me!,
bob

ladycfu
ladycfu approved these changes May 20, 2024
View reviewed changes
Copy link
Contributor

@ladycfu ladycfu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM if tested to work.

@fmarco76 fmarco76 marked this pull request as ready for review May 20, 2024 15:37
@fmarco76
Copy link
Member Author

@ladycfu @rjrelyea Thanks for the review. I am merging these changes

@fmarco76 fmarco76 merged commit 3928e0d into dogtagpki:v4.9.x May 20, 2024
8 of 15 checks passed
@fmarco76 fmarco76 deleted the CC-CRLDP-CA-MissCRLSign branch May 20, 2024 15:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ladycfu ladycfu ladycfu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fmarco76 @rjrelyea @ladycfu