Bugzilla – Full Text Bug Listing
| Summary: | Implement purpose validation for SSL certificates | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [RT] Jetty | Reporter: | Michael Gorovoy <mgorovoy> | ||||
| Component: | server | Assignee: | Jesse McConnell <jesse.mcconnell> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | |||||
| Severity: | enhancement | ||||||
| Priority: | P3 | CC: | gregw, jetty-inbox, mgorovoy | ||||
| Version: | 7.2.2 | ||||||
| Target Milestone: | 7.5.x | ||||||
| Hardware: | PC | ||||||
| OS: | All | ||||||
| Whiteboard: | |||||||
| Attachments: |
|
||||||
|
Description
Michael Gorovoy
Created attachment 188964 [details]
Untested implementation
Michael, can you describe a bit more what this does? perhaps in the javadoc in the patch. Also test harness would be good. Do you have an update on this Michael? This is the implementation of certificate purpose validation. It is intended to ensure that a certificate is not being used for the purpose that it was not intended to be used by the certificate authority that signed it, e.g. code signing certificate is not being used to encrypt SSL traffic. It attempts to validate both certificate purpose bit mask as well as certificate usage extension string values. We would need to produce a test certificate that would have certificate purpose set in it, as well as a certificate with certificate usage extension enabled in order to test this code. -Michael there has been enough work done in ssl and whatnot lately that I am just going to close this for now. someday should there be an outpouring of desire for this feature we can look back at how this was implemented and take care of it then thanks though michael :) |