Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cert validation changes in the latest NSS #4830

Merged
merged 2 commits into from
Aug 21, 2024
Merged

Commits on Aug 21, 2024

  1. Update cert approval callback

    Previously if a client tries to connect to a server but it does
    not have the CA signing cert installed and trusted it will get an
    UNTRUSTED_ISSUER error from NSS and the cert approval callback
    will ask the user whether to trust the cert. In the latest NSS
    the error has changed to UNKNOWN_ISSUER, so the callback has been
    updated to handle the error in the same way. The tests have also
    been updated accordingly.
    edewata committed Aug 21, 2024
    Configuration menu
    Copy the full SHA
    d725b5f View commit details
    Browse the repository at this point in the history
  2. Update sub CA tests

    The latest NSS requires the client to have the full cert chain
    in order to validate a cert, so most of the sub CA tests have
    been updated to install the sub CA signing cert in addition to
    the root CA signing cert. For some reason the sub CA tests with
    HSM still work without these changes. That will be investigated
    separately later.
    edewata committed Aug 21, 2024
    Configuration menu
    Copy the full SHA
    73805a1 View commit details
    Browse the repository at this point in the history