Project

General

Profile

Bug #3237

"Revoked" status is incorrect for certificates that are different but share the same descriptive name.

Added by Jim Pingle over 7 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
09/26/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
All
Affected Architecture:
All

Description

is_cert_revoked() in certs.inc is doing a bogus check on the certificate's descr field to see if the certificate is revoked when the IDs do not match. This leads to a certificate claiming to be revoked if it happens to share the same descr as a revoked certificate, regardless of whether not it is even from the same CA. Due to this, you cannot revoke the second certificate that shares the same descr, as it believes said certificate is already revoked.

It should do a more thorough check comparing the certificate's CA and serial number (ideally) or at least the CA+CN or full subject.

Associated revisions

Revision 04761344 (diff)
Added by Jim Pingle over 7 years ago

Perform a much more accurate comparison between two certificates to determine if they are identical when checking their revocation status. Fixes #3237

Revision 6f4a2864 (diff)
Added by Jim Pingle over 7 years ago

Perform a much more accurate comparison between two certificates to determine if they are identical when checking their revocation status. Fixes #3237

History

#1 Updated by Jim Pingle over 7 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#3 Updated by Chris Buechler over 6 years ago

  • Status changed from Feedback to Resolved

fixed

Also available in: Atom PDF