Opened 7 weeks ago
Closed 7 weeks ago
#21048 closed enhancement (fixed)
make-ca-1.15
Reported by: | Xi Ruoyao | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | normal | Milestone: | 12.3 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description ¶
New minor version to fix the ustreas.gov connectivity issue.
Change History (3)
comment:1 by , 7 weeks ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 7 weeks ago
- Revert "work around bug in p11-kit trust extract that allows certificates with nss-{email,server}-distrust after attribute to enter downstream": that isn't a bug in fact. The date in the attribute should be compared with the issue date of the downstream certificate provided by the web server or the email sender (that make-ca cannot know), not the system date. SSL implementations like GnuTLS or OpenSSL should handle them, but they seem not doing it properly. However that's not a valid reason to misinterpret the attribute.
comment:3 by , 7 weeks ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.