Bug 337170 - Implement purpose validation for SSL certificates
Summary: Implement purpose validation for SSL certificates
Status: CLOSED WONTFIX
Alias: None
Product: Jetty
Classification: RT
Component: server
Version: 7.2.2
Hardware: PC All
Importance: P3 enhancement
Target Milestone: 7.5.x
Assignee: Jesse McConnell CLA
Reported: 2011-02-14 17:03 EST by Michael Gorovoy CLA
Modified: 2011-10-26 17:01 EDT

Attachments
Untested implementation (4.43 KB, patch)
2011-02-14 17:08 EST, Michael Gorovoy CLA

Description Michael Gorovoy CLA 2011-02-14 17:03:55 EST
This enhancement will allow validating the purpose of an SSL certificate specified by one or more of the certificate extensions.
Comment 1 Michael Gorovoy CLA 2011-02-14 17:08:43 EST
Created attachment 188964
Untested implementation
Comment 2 Greg Wilkins CLA 2011-06-09 19:25:00 EDT
Michael,

Can you describe a bit more what this does? Perhaps in the javadoc in the patch. Also, a test harness would be good.
Comment 3 Jesse McConnell CLA 2011-07-19 15:32:57 EDT
Do you have an update on this Michael?
Comment 4 Michael Gorovoy CLA 2011-07-21 14:56:13 EDT
This is the implementation of certificate purpose validation. It is intended to ensure that a certificate is not being used for a purpose for which it was not intended by the certificate authority that signed it, e.g. a code signing certificate is not being used to encrypt SSL traffic. It attempts to validate both the certificate purpose bit mask and the certificate usage extension string values.

We would need to produce a test certificate that would have certificate purpose set in it, as well as a certificate with certificate usage extension enabled in order to test this code.

-Michael
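
The check described in comment 4, sketched as an added example; it is not the attached patch, whose contents are not shown on this page, and not Jetty code. It reads the key usage bit mask and the extended key usage OID strings through the standard `java.security.cert.X509Certificate` accessors. The class name, the helper names, the choice of acceptable bits for an SSL/TLS server and the acceptance of `anyExtendedKeyUsage` are assumptions, and the inputs in `main` are constructed values standing in for the test certificates the comment says would be needed.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;

public class TlsServerPurposeCheck {
    // Indexes into the boolean[] returned by X509Certificate.getKeyUsage() (RFC 5280 bit order).
    static final int DIGITAL_SIGNATURE = 0, KEY_ENCIPHERMENT = 2, KEY_AGREEMENT = 4, KEY_CERT_SIGN = 5;
    // Extended key usage purposes are returned as dotted OID strings.
    static final String EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1";
    static final String EKU_CODE_SIGNING = "1.3.6.1.5.5.7.3.3";
    static final String EKU_ANY = "2.5.29.37.0";

    /** Reads both extensions from the certificate and applies the check below. */
    static boolean allowsTlsServer(X509Certificate cert) throws CertificateParsingException {
        return allowsTlsServer(cert.getKeyUsage(), cert.getExtendedKeyUsage());
    }

    /** A null argument means the extension is absent, which places no restriction. */
    static boolean allowsTlsServer(boolean[] keyUsage, List<String> eku) {
        if (keyUsage != null && !(bit(keyUsage, DIGITAL_SIGNATURE)
                || bit(keyUsage, KEY_ENCIPHERMENT) || bit(keyUsage, KEY_AGREEMENT))) {
            return false; // bit mask present, but no bit a TLS server key needs (assumed policy)
        }
        if (eku != null && !(eku.contains(EKU_SERVER_AUTH) || eku.contains(EKU_ANY))) {
            return false; // extension present, but it names other purposes only
        }
        return true;
    }

    // Defensive bounds check so a short array is treated as "bit not set".
    static boolean bit(boolean[] usage, int i) { return i < usage.length && usage[i]; }

    // Builds a constructed key usage bit mask for the demo below.
    static boolean[] usage(int... bits) {
        boolean[] u = new boolean[9];
        for (int b : bits) u[b] = true;
        return u;
    }

    public static void main(String[] args) {
        // Constructed inputs: server certificate, code signing certificate,
        // CA-only key usage, and a certificate with neither extension.
        System.out.println(allowsTlsServer(usage(DIGITAL_SIGNATURE, KEY_ENCIPHERMENT), Arrays.asList(EKU_SERVER_AUTH)));
        System.out.println(allowsTlsServer(usage(DIGITAL_SIGNATURE), Arrays.asList(EKU_CODE_SIGNING)));
        System.out.println(allowsTlsServer(usage(KEY_CERT_SIGN), null));
        System.out.println(allowsTlsServer(null, null));
    }
}
```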
Comment 5 Jesse McConnell CLA 2011-10-26 17:01:55 EDT
There has been enough work done in SSL and whatnot lately that I am just going to close this for now. Someday, should there be an outpouring of desire for this feature, we can look back at how this was implemented and take care of it then.

Thanks though, Michael :)