Cisco Bug: CSCvs50575 - SEC-509-VALIDATE-3: FAILURES ON ASR9K
Sep 02, 2020
- Cisco ASR 9000 Series Aggregation Services Routers
- Cisco IOS XR Software
- Cisco Network Convergence System 1001
Known Affected Releases
Symptom: 1. TLS session gets established when basic constraints flag is not present in CA/SUB-CA certificate. 2. TLS session gets established when EKU is not used for the purpose it is supposed to be used for. Conditions: 1. This problem can occur when user tries to establish TLS session over syslog with CA/SUB-CA certificate having basic constraints flags set to FALSE. 2. This problem can occur when extended key usage(EKU) is set to purpose OCSPSigning during syslog over TLS connection establishment.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases