Closed
Bug 142867
Opened 22 years ago
Closed 21 years ago
pk12util always imports CA certs into softoken
Categories
(NSS :: Tools, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.8
People
(Reporter: julien.pierre, Assigned: rrelyea)
References
Details
Attachments
(1 file, 2 obsolete files)
10.24 KB,
patch
|
nelson
:
review+
|
Details | Diff | Splinter Review |
Even if a hardware token is specified on the pk12util command-line, CA certs are always imported into softoken. Since is is currently not possible to import CA certs into a hardware token due to a limitation in NSS APIs, we should at least display an message stating so rather than try and succeed importing the certificate into the wrong token.
Reporter | ||
Updated•22 years ago
|
Target Milestone: --- → 3.6
Comment 2•22 years ago
|
||
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Assignee | ||
Comment 3•21 years ago
|
||
Comment 4•21 years ago
|
||
I see at least one problem with this patch. The function SECOID_AddEntry is declared in secoid.h as returning a type SECOidTab, but the actual definition of the function in secoid.c returns a SECStatus. I'm surprised your compiler didn't generate an error for this.
Reporter | ||
Comment 5•21 years ago
|
||
Nelson, following up on your comment #4, please see bug 171084 .
Comment 6•21 years ago
|
||
Comment on attachment 116592 [details] [diff] [review] Import Intermediate CA's into token from the pkcs12 file. This doesn't need C++ to catch it. I believe many c implementations will detect it, just not the one Bob apparently used.
Attachment #116592 -
Flags: review-
Assignee | ||
Comment 7•21 years ago
|
||
There is a completely different problem. This patch is not for this bug. bob
Assignee | ||
Comment 8•21 years ago
|
||
This patch is for bug 196360 . I've attached an update. Note that the function is returning OidTags, even though it's locally declared to return SECStatus. The compilier that didn't even generate any warnings! is the Windows compiler. I'll attach the real patch for this bug just now...
Assignee | ||
Comment 9•21 years ago
|
||
This is the correct patch for this particular bug.
Attachment #116592 -
Attachment is obsolete: true
Assignee | ||
Updated•21 years ago
|
Attachment #117089 -
Flags: superreview?(nelsonb)
Attachment #117089 -
Flags: review?(jpierre)
Comment 10•21 years ago
|
||
This patch includes changes to file pk11sdr.c that do not appear to be related to this bug. Am I right that that change is unrelated? What bug does that change apply to?
Assignee | ||
Comment 11•21 years ago
|
||
Yes, those changes are related to bug 168398.
Reporter | ||
Comment 12•21 years ago
|
||
Comment on attachment 117089 [details] [diff] [review] Import Intermediate CA's into token from the pkcs12 file. Code looks good. I didn't test it because my hardware token isn't functional right now.
Attachment #117089 -
Flags: review?(jpierre) → review+
Comment 13•21 years ago
|
||
Regarding patch id=117089, This seems like it will work at intended, but in reviewing it, I found the use of the term "locale" confusing because that term commonly refers to character sets and localization of strings. The names of the enumerated constants were meaningful to me until I read the comments in the declaration. I think these variable and type names might be easier to name if they described what CAs (if any) go into the target token. I suggest calling the type SECPKCS12TargetTokenCAs, and the values SECPKCA12TargetTokenNoCAs, SECPKCS12TargetTokenIntermediateCAs SECPKCS12TargetTokenAllCAs and the function that sets this variable be SEC_PKCS12DecoderSetTargetTokenCAs. If those names are too long, perhaps you could drop Target or Token from them.
Assignee | ||
Comment 14•21 years ago
|
||
I like nelson's names better than mine... I'll attach an updated patch (I really didn't like locale either for much the same reasons...) bob
Assignee | ||
Comment 15•21 years ago
|
||
Same patch as before except 1) removed code from a different bug, 2) renamed variables as nelson suggested.
Attachment #117089 -
Attachment is obsolete: true
Reporter | ||
Comment 16•21 years ago
|
||
*** Bug 142889 has been marked as a duplicate of this bug. ***
Updated•21 years ago
|
Attachment #117089 -
Flags: superreview?(nelsonb) → superreview-
Comment 17•21 years ago
|
||
Comment on attachment 118104 [details] [diff] [review] Import CAs into PKCS 12 token r=nbb
Attachment #118104 -
Flags: review+
Assignee | ||
Comment 18•21 years ago
|
||
Final patch checked in.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•