Actions
Bug #3237
closed
"Revoked" status is incorrect for certificates that are different but share the same descriptive name.
Start date:
09/26/2013
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All
Description
is_cert_revoked() in certs.inc is doing a bogus check on the certificate's descr field to see if the certificate is revoked when the IDs do not match. This leads to a certificate claiming to be revoked if it happens to share the same descr as a revoked certificate, regardless of whether not it is even from the same CA. Due to this, you cannot revoke the second certificate that shares the same descr, as it believes said certificate is already revoked.
It should do a more thorough check comparing the certificate's CA and serial number (ideally) or at least the CA+CN or full subject.
Updated by Jim Pingle about 11 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 0476134494c5e6079b7a98d53732b9448bc69435.
Updated by Jim Pingle about 11 years ago
Applied in changeset 6f4a2864ad0e83f152a0cdc9c157f5d95aa8a9c7.
Updated by
Actions