Nelson Bolyard wrote, On 2009-04-19 22:54 PDT: > > ... and then into the depths of libPKIX. > > Time to get out the debugger,
Even though I don't have a real test case, I did launch the debugger and watch it go into libPKIX. At this line http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/libpkix/pkix/checker/pkix_policychecker.c&rev=1.1&mark=486-488#486 I saw it set the initialExplicitPolicy in the actual checker state, and set the explicitPolicy variable to 0, just as the RFC says. I couldn't go far beyond that with the certs I was using. (We really should take this to dev-tech-crypto, and I am doing so herewith. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
