Closed
Bug 1458518
Opened 6 years ago
Closed 6 years ago
Nicknames of existing certificates in NSS SQL DB should remain unchanged on repeated import attempts
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
3.38
People
(Reporter: KaiE, Assigned: rrelyea)
Details
Attachments
(2 files)
1.09 KB,
patch
|
KaiE
:
review+
KaiE
:
checked-in+
|
Details | Diff | Splinter Review |
2.94 KB,
patch
|
rrelyea
:
review+
KaiE
:
checked-in+
|
Details | Diff | Splinter Review |
A functional difference between the DBM and SQL database was identified, that is considered a regression.
If a certificate already exists in an NSS DBM database with nickname1, and the same certificate is imported again with nickname2, then the nickname in the DBM database remains at nickname1.
Currently, with an SQL DBM database, the repeated nickname causes the nickname in the database to be changed to nickname2. This causes a regression in some NSS applications.
This bug suggests to adjust the NSS code, to ensure the nickname of the existing certificate remains at nickname1, in both DBM and SQL databases.
This issue has been originally reported at https://bugzilla.redhat.com/attachment.cgi?id=1428962
Reporter | ||
Comment 1•6 years ago
|
||
Bob has already provided a patch, which I'm attaching for him.
Reporter | ||
Comment 2•6 years ago
|
||
This patch adds a test.
Reporter | ||
Comment 3•6 years ago
|
||
I ran test builds for NSS:
https://treeherder.mozilla.org/#/jobs?repo=nss-try&revision=3360eed0cc12b17fffac49cda58687167c85a959
and Firefox:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=6053ae67cf3b659793abd7b3169c72c03d4cc741
and there were no regressions in existing tests.
Reporter | ||
Updated•6 years ago
|
Attachment #8972541 -
Flags: review+
Reporter | ||
Updated•6 years ago
|
Attachment #8972566 -
Flags: review?(rrelyea)
Reporter | ||
Updated•6 years ago
|
Target Milestone: --- → 3.38
Reporter | ||
Comment 4•6 years ago
|
||
Comment on attachment 8972541 [details] [diff] [review]
Bob's patch, option 3
Fix checked in:
https://hg.mozilla.org/projects/nss/rev/2f1ee2b8f7a6
Leaving bug open until test is reviewed.
Attachment #8972541 -
Flags: checked-in+
Assignee | ||
Comment 5•6 years ago
|
||
Comment on attachment 8972566 [details] [diff] [review]
test-1458518-v1.patch
Review of attachment 8972566 [details] [diff] [review]:
-----------------------------------------------------------------
Though not part of this bug, it would be good to verify the following:
Import a certificate using certutil -E and don't specify a nickname.
Import the same cert again using certutil -A -n and make sure the nickname get set. (may or may not work on dbm).
Attachment #8972566 -
Flags: review?(rrelyea) → review+
Reporter | ||
Comment 6•6 years ago
|
||
Bob, I have verified that it works as you described. I tested this manually with both the old code, and the new code (with the fix from this bug), and it works the same with both dbm and sql, the behavior didn't change.
Reporter | ||
Comment 7•6 years ago
|
||
Comment on attachment 8972566 [details] [diff] [review]
test-1458518-v1.patch
https://hg.mozilla.org/projects/nss/rev/5db9e969c74a
Attachment #8972566 -
Flags: checked-in+
Reporter | ||
Updated•6 years ago
|
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 8•6 years ago
|
||
Thanks Kai. I was meaning that it would be good for the test case should check. Anyway thanks for improving the current testcase.
bob
You need to log in
before you can comment on or make changes to this bug.
Description
•