Closed Bug 1458518 Opened 2 years ago Closed 2 years ago

Nicknames of existing certificates in NSS SQL DB should remain unchanged on repeated import attempts


(NSS :: Libraries, defect)




(Reporter: kaie, Assigned: rrelyea)



(2 files)

A functional difference between the DBM and SQL databases was identified that is considered a regression.

If a certificate already exists in an NSS DBM database with nickname1, and the same certificate is imported again with nickname2, then the nickname in the DBM database remains at nickname1.

Currently, with an SQL DBM database, the repeated nickname causes the nickname in the database to be changed to nickname2. This causes a regression in some NSS applications.

This bug suggests adjusting the NSS code to ensure the nickname of the existing certificate remains at nickname1, in both DBM and SQL databases.

This issue has been originally reported at
Bob has already provided a patch, which I'm attaching for him.
This patch adds a test.
Attachment #8972541 - Flags: review+
Attachment #8972566 - Flags: review?(rrelyea)
Target Milestone: --- → 3.38
Comment on attachment 8972541
Bob's patch, option 3

Fix checked in:

Leaving bug open until test is reviewed.
Attachment #8972541 - Flags: checked-in+
Comment on attachment 8972566

Review of attachment 8972566:

Though not part of this bug, it would be good to verify the following:

Import a certificate using certutil -E and don't specify a nickname.
Import the same cert again using certutil -A -n and make sure the nickname gets set (may or may not work on dbm).
Attachment #8972566 - Flags: review?(rrelyea) → review+
Bob, I have verified that it works as you described. I tested this manually with both the old code, and the new code (with the fix from this bug), and it works the same with both dbm and sql, the behavior didn't change.
Closed: 2 years ago
Resolution: --- → FIXED
Thanks, Kai. I was meaning that it would be good for the test case to check. Anyway, thanks for improving the current testcase.
