Opened 2 months ago
Closed 2 months ago
#21048 closed enhancement (fixed)
make-ca-1.15
| Reported by: | Xi Ruoyao | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | normal | Milestone: | 12.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New minor version to fix the ustreas.gov connectivity issue.
Change History (3)
comment:1 by , 2 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 2 months ago
- Revert "work around bug in p11-kit trust extract that allows certificates with nss-{email,server}-distrust after attribute to enter downstream": that isn't a bug in fact. The date in the attribute should be compared with the issue date of the downstream certificate provided by the web server or the email sender (that make-ca cannot know), not the system date. SSL implementations like GnuTLS or OpenSSL should handle them, but they seem not doing it properly. However that's not a valid reason to misinterpret the attribute.
comment:3 by , 2 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
