View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001087 | bugs.cacert.org | public | 2012-07-25 04:33 | 2012-07-27 22:52 | |
| Reporter | DavidMcIlwraith | Assigned To | |||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | closed | Resolution | open | ||
| Platform | Default | OS | any | OS Version | any |
| Summary | 0001087: CAcert, Inc.'s root certificates' keyUsage field missing | ||||
| Description | As with _all_ other CA certificates included in TLS clients, keyUsage field in the CA certificates should be: X509v3 Key Usage: Certificate Sign, CRL Sign Instead, it entirely lacks a keyUsage field. This may be related to the bug report with user certificates; whilst not critical (as basicConstraints is set to critical,CA:TRUE), it means that the root (class I) and subsidiary root (class III) certs are trusted for purposes other than acting as a CA. | ||||
| Steps To Reproduce | openssl x509 -in root.crt -text -noout | ||||
| Additional Information | n/a | ||||
| Tags | No tags attached. | ||||
|
|
I should add that whilst some root certificates issued prior to 2000 also lack this constraint, it is PKIX-recommended practice. (May wish to be added to the new roots that are a WIP?) |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-07-25 04:33 | DavidMcIlwraith | New Issue | |
| 2012-07-25 04:37 | DavidMcIlwraith | Severity | major => feature |
| 2012-07-25 04:37 | DavidMcIlwraith | Status | new => needs work |
| 2012-07-25 04:37 | DavidMcIlwraith | Steps to Reproduce Updated | |
| 2012-07-25 04:59 | DavidMcIlwraith | Note Added: 0003113 | |
| 2012-07-25 05:00 | DavidMcIlwraith | Note Edited: 0003113 | |
| 2012-07-27 04:27 | DavidMcIlwraith | Relationship added | related to 0000540 |
| 2012-07-27 22:52 | DavidMcIlwraith | Status | needs work => closed |
