search

KawaiiBASIC / classilla

Automatically exported from code.google.com/p/classilla
0 stars 0 forks source link

Certificate validation errors "error -8155" #45

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Reported by Tim. Currently data.coremetrics.com is the test case.

The symptom is
"Unable to establish an encrypted connection to data.coremetrics.com 
error -8155"

The certificate checks out on Camino. This is probably a flaw in NSS PKI
and likely affects other sites. Critical fix for 9.0.4.

Original issue reported on code.google.com by classi...@floodgap.com on 11 Aug 2009 at 3:33

GoogleCodeExporter commented 9 years ago 
The certificate when run through Netscape 4.x generates a path length constraint
error, but this might be spurious.

Original comment by classi...@floodgap.com on 11 Aug 2009 at 3:34

GoogleCodeExporter commented 9 years ago 
Actually, per 
http://mxr.mozilla.org/mozilla1.8/source/security/nss/lib/util/secerr.h
-8155 is BASE + 37, which is indeed SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID. Go 
Nav4!

Looks like it is thrown by
http://mxr.mozilla.org/mozilla1.8/source/security/nss/lib/certhigh/certvfy.c

Original comment by classi...@floodgap.com on 11 Aug 2009 at 4:11

GoogleCodeExporter commented 9 years ago 
This looks like our winner:

https://bugzilla.mozilla.org/show_bug.cgi?id=221644

I will try to land this on the internal tree tonight and see if it fixes the 
problem.

Original comment by classi...@floodgap.com on 11 Aug 2009 at 4:21

GoogleCodeExporter commented 9 years ago 
While we're at it, let's also fix
https://bugzilla.mozilla.org/show_bug.cgi?id=231775
and issue 38.

There was another one I wanted to fix that's on the G5, I'll add that to this 
list later.

Original comment by classi...@floodgap.com on 11 Aug 2009 at 4:51

GoogleCodeExporter commented 9 years ago 
Landed along with bugzilla 384459. Test case resolved. Marking verified.

Original comment by classi...@floodgap.com on 12 Aug 2009 at 5:22