Yes. NSS has two different ways to verify certificates - "original" and libpkix (the new way). Firefox uses "original" (as probably do most NSS apps), Chromium uses libpkix.
"Original" source pointer: http://mxr.mozilla.org/mozilla/source/security/nss/lib/certhigh/certvfy.c?ma rk=514,519,527,531,532#505 libpkix source pointer: http://mxr.mozilla.org/mozilla/source/security/nss/lib/libpkix/pkix/certsel/ pkix_certselector.c?mark=185,203-216#121 > -----Original Message----- > From: dev-tech-crypto-bounces+ryan- > mozdevtechcrypto=sleevi....@lists.mozilla.org [mailto:dev-tech-crypto- > bounces+ryan-mozdevtechcrypto=sleevi....@lists.mozilla.org] On Behalf > Of Ralph Holz (TUM) > Sent: Sunday, September 18, 2011 6:15 AM > To: mozilla-dev-tech-cry...@lists.mozilla.org > Subject: Question about pathlen extension checked > > Hi, > > does NSS check the pathlength extension in an issuing certificate? I am > particularly wondering if pathlen:0 is honoured. > > Thanks, > Ralph > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
