Closed GoogleCodeExporter closed 9 years ago
The certificate works with OS X 10.4-10.6 so it should be reasonable.
Original comment by jacob...@gmail.com
on 21 Feb 2011 at 4:49
-8102 = BASE+90 = sec_error_inadequate_key_usage
This is in fact what Firefox 4 also reports. So NSS is not the problem; we just
need to allow the user to use the cert. However, the cert is technically bad --
the key in question should not be used to sign it.
Original comment by classi...@floodgap.com
on 7 Mar 2011 at 1:23
Two changes needed. To PIPNSS/nsNSSIOLayer.cpp::nsContinueDespiteCertError, to
the switch list of error conditions that will prompt the dialogue, added
SEC_ERROR_INADEQUATE_KEY_USAGE. However, NSS will still fail because it does
not know to check the trust chain in that case, so to
NSS/certvfy.c::CERT_VerifyCert,
if ( CERT_CheckKeyUsage(cert, requiredKeyUsage) != SECSuccess
&& !cert->trust ) { // Classilla issue 156
PORT_SetError(SEC_ERROR_INADEQUATE_KEY_USAGE);
LOG_ERROR_OR_EXIT(log,cert,0,requiredKeyUsage);
Verified working against example site.
Original comment by classi...@floodgap.com
on 7 Mar 2011 at 2:39
Original issue reported on code.google.com by
classi...@floodgap.com
on 20 Feb 2011 at 5:03