Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test with self-issued certificate didn't set KeyCertSign nor CrlSign #8841

Closed
heng-liu opened this issue Nov 19, 2019 · 0 comments · Fixed by NuGet/NuGet.Client#3130
Closed

Test with self-issued certificate didn't set KeyCertSign nor CrlSign #8841

heng-liu opened this issue Nov 19, 2019 · 0 comments · Fixed by NuGet/NuGet.Client#3130
Assignees
@heng-liu
Labels
Functionality:Signing Type:Test

Comments

@heng-liu
Copy link
Contributor

From RFC 5280, section 4.2.1.3:

   If the keyUsage extension is present, then the subject public key
   MUST NOT be used to verify signatures on certificates or CRLs unless
   the corresponding keyCertSign or cRLSign bit is set.

But SigningTestUtility.cs will generate self-issued certificate without setting IsCA=true, so X509KeyUsageFlags.CrlSign and X509KeyUsageFlags.KeyCertSign are not set.
(It will generate PartialChain status when chain build on such self-issued certificate.)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@heng-liu heng-liu

Labels
Functionality:Signing Type:Test
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix self-issued certificate in signing/verification test NuGet/NuGet.Client
1 participant
@heng-liu