Last Comment Bug 213359 - enhance PK12util to extract certs from p12 file
: enhance PK12util to extract certs from p12 file
Product: NSS
Classification: Components
Component: Tools (show other bugs)
: 3.8
: All All
: P2 enhancement (vote)
: 3.12
Assigned To: Neil Williams
: 371468 (view as bug list)
Depends on: 280605 280602
  Show dependency treegraph
Reported: 2003-07-21 21:56 PDT by Nelson Bolyard (seldom reads bugmail)
Modified: 2007-05-08 20:15 PDT (History)
3 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

quickey 1st attempt (5.40 KB, patch)
2007-02-26 19:45 PST, Neil Williams
no flags Details | Diff | Splinter Review
patch v1 (copied from bug 371468) (4.62 KB, patch)
2007-05-08 20:07 PDT, Nelson Bolyard (seldom reads bugmail)
no flags Details | Diff | Splinter Review

Description Nelson Bolyard (seldom reads bugmail) 2003-07-21 21:56:56 PDT
PK12util today can do only two things: 
1. import a cert chain from a .p12 file to a cert/key DB pair, or 
2. export a cert chain from a cert/key DB pair to a .p12 file.

We have no tool that will take a .p12 file and 
3. list a summary of the file's contents, (e.g. 1 line or 2 per cert)
4. list all the certs in that file in detail
5. extract the certs from that file into separate cert files.

Such a tool would be very helpful for support purposes.
Comment 1 Nelson Bolyard (seldom reads bugmail) 2005-01-31 19:01:36 PST
This RFE requests several new features of pk12util.  
I now think that I should file separate bugs about each one.
So, I have created bug 280602 about the detailed list of p12 file contents.
I will shortly file bugs for the other 2 features as well.
Comment 2 Nelson Bolyard (seldom reads bugmail) 2006-04-20 12:17:29 PDT
pk12util now does list the contents, in detail.
The cert extraction feature remains to be done.
It should be a variant of the -l (list) feature.
Comment 3 Neil Williams 2007-02-26 19:45:35 PST
Created attachment 256562 [details] [diff] [review]
quickey 1st attempt

I'll be reviewing this again before asking for a real review.
Comment 4 Nelson Bolyard (seldom reads bugmail) 2007-02-26 20:24:44 PST
*** Bug 371468 has been marked as a duplicate of this bug. ***
Comment 5 Nelson Bolyard (seldom reads bugmail) 2007-02-26 20:26:58 PST
Neil, After speaking with you Friday, I wrote a patch that implemented the 
feature and attached it to bug 371468, and requested your review of that 
patch.  Apparently you didn't notice that before writing your patch today.

Please look at bug 371468, and the patch attached to it, and let me know
which of the two patches you think is better, and why.  Thanks.
Comment 6 Neil Williams 2007-02-27 18:26:48 PST
Nelson, I like yours because it's more concise. The only functional difference between the two is that your version creates the files with "...| PR_TRUNCATE, 0600)" and mine with "..., 0660)". I'd change the filename, though, so it has "cert" in it somewhere.
Comment 7 Nelson Bolyard (seldom reads bugmail) 2007-05-08 20:07:44 PDT
Created attachment 264211 [details] [diff] [review]
patch v1 (copied from bug 371468)

This is the patch to which Neil gave r+ in bug 371468
Comment 8 Nelson Bolyard (seldom reads bugmail) 2007-05-08 20:15:39 PDT
Thanks for the review Neil.

Committed on trunk.
Checking in pk12util.c; new revision: 1.37; previous revision: 1.36

Note You need to log in before you can comment on or make changes to this bug.