Project

General

Profile

Actions

Bug #3237

closed

"Revoked" status is incorrect for certificates that are different but share the same descriptive name.

Added by Jim Pingle almost 8 years ago. Updated almost 7 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
09/26/2013
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

is_cert_revoked() in certs.inc is doing a bogus check on the certificate's descr field to see if the certificate is revoked when the IDs do not match. This leads to a certificate claiming to be revoked if it happens to share the same descr as a revoked certificate, regardless of whether not it is even from the same CA. Due to this, you cannot revoke the second certificate that shares the same descr, as it believes said certificate is already revoked.

It should do a more thorough check comparing the certificate's CA and serial number (ideally) or at least the CA+CN or full subject.

Actions #1

Updated by Jim Pingle almost 8 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #2

Updated by Jim Pingle almost 8 years ago

Actions #3

Updated by Chris Buechler almost 7 years ago

  • Status changed from Feedback to Resolved

fixed

Actions

Also available in: Atom PDF