Add OID for PKIX_CA_ISSUERS

RESOLVED FIXED in 3.10

Status

P2
enhancement
14 years ago

People

(Reporter: martin, Assigned: wtc)

Attachments

(1 attachment, 2 obsolete attachments)

(Reporter)

Description

14 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; de-DE; rv:1.7.5) Gecko/20050210 Firefox/1.0 (Debian package 1.0+dfsg.1-6)

This patch adds the OID for 1.3.6.1.5.5.7.48.2, PKIX CA Issuers. This ID is
defined in RFC 2459.

It is not clear what OIDs can be added through "static" OID tags, rather than in
the application through SECOID_AddEntry. I think a policy is desirable, best
documented in secoidt.h before the enumeration. I would propose to allow all
OIDs into the file which are certificate-relevant and vendor-independent (e.g.
published in an RFC).

This specific OID is needed for Bug 259031, which tries to print the CA
Issuers AIA if present.

Reproducible: Always

(Reporter)

Comment 1

14 years ago
Created attachment 174392
Patch to add SEC_OID_ACCESS_DESCR_CA_ISSUERS
(Reporter)

Updated

14 years ago
Attachment #174392 - Flags: review?
(Reporter)

Updated

14 years ago
Blocks: 259031
Taking bug.  I will review this patch.
Assignee: wtchang → nelson
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Linux → All
Priority: -- → P2
Hardware: PC → All
Target Milestone: --- → 3.10
Comment on attachment 174392
Patch to add SEC_OID_ACCESS_DESCR_CA_ISSUERS

r=nelson
I think I might have preferred a somewhat shorter name than
SEC_OID_ACCESS_DESCR_CA_ISSUERS, perhaps something like SEC_OID_AIA_CA_ISSUERS,
but I'm not going to withhold r+ over such a nit.  I will plan to check this in
on Martin's behalf for 3.10.
Attachment #174392 - Flags: review? → review+
(Assignee)

Comment 4

14 years ago
Comment on attachment 174392
Patch to add SEC_OID_ACCESS_DESCR_CA_ISSUERS

Nelson,

If you want a shorter name, I suggest
SEC_OID_AD_CA_ISSUERS because this OID
is called id-ad-caIssuers in RFC 2459:

id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
(Reporter)

Comment 5

14 years ago
Should I submit a new patch for the renamed constant? I personally don't care
too much what it is called, so SEC_OID_AD_CA_ISSUERS sounds fine.
(Assignee)

Comment 6

14 years ago
Created attachment 175207
Patch to add SEC_OID_PKIX_CA_ISSUERS

Martin, I took care of this for you.  After
reviewing the two files, I concluded that
SEC_OID_PKIX_CA_ISSUERS is the name that is
the most consistent with existing names.

Is PKIX 3 the nickname for RFC 2459?
Attachment #174392 - Attachment is obsolete: true
Attachment #175207 - Flags: review?(nelson)
(Reporter)

Comment 7

14 years ago
I think I confused terminology. PKIX 3 apparently once was the nickname for
draft-ietf-pkix-ipki3cmp-0X.txt, which apparently became RFC 2510. So the
comment claiming that this is PKIX 3 should probably be removed/replaced with a
plain "PKIX" statement. BTW, RFC 2459 is now obsoleted by RFC 3280.
(Assignee)

Comment 8

14 years ago
Created attachment 175248
Patch to add SEC_OID_PKIX_CA_ISSUERS, v1.1

Changed "PKIX 3" to "More PKIX OIDs" in comments.
Attachment #175207 - Attachment is obsolete: true
Attachment #175248 - Flags: review?(nelson)
(Assignee)

Updated

14 years ago
Attachment #175207 - Flags: review?(nelson)
Comment on attachment 175248
Patch to add SEC_OID_PKIX_CA_ISSUERS, v1.1

Wan-Teh, since you're apparently ready to check this in, please "take" this bug
when you do so.  Thanks.
Attachment #175248 - Flags: review?(nelson) → review+
(Assignee)

Updated

14 years ago
Assignee: nelson → wtchang
(Assignee)

Comment 10

14 years ago
Patch checked in on the trunk.

Note that I changed the description of this OID
to "PKIX CA issuers access method", from
"Authority issuers access path".

Checking in secoid.c;
/cvsroot/mozilla/security/nss/lib/util/secoid.c,v  <--  secoid.c
new revision: 1.29; previous revision: 1.28
done
Checking in secoidt.h;
/cvsroot/mozilla/security/nss/lib/util/secoidt.h,v  <--  secoidt.h
new revision: 1.17; previous revision: 1.16
done
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED
Version: unspecified → 3.9.4
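
The thread adds a static table entry for 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers). The following C code is an added example, not part of the bug thread or of the NSS sources: it encodes a dotted-decimal OID into the DER content octets that such an entry holds and compares an encoded accessMethod against them. The names `oid_to_der`, `is_ca_issuers` and `CA_ISSUERS_DER` are hypothetical and are not NSS identifiers.

```c
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/* DER content octets of 1.3.6.1.5.5.7.48.2, the form a static OID table holds. */
static const unsigned char CA_ISSUERS_DER[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x02 };

/* Write one arc in base 128; every byte but the last has the high bit set. */
static size_t put_arc(unsigned long v, unsigned char *out, size_t cap)
{
    unsigned char tmp[(sizeof v * 8 + 6) / 7];
    size_t k = 0, i;
    do { tmp[k++] = (unsigned char)(v & 0x7f); v >>= 7; } while (v);
    if (k > cap) return 0;
    for (i = 0; i < k; i++)
        out[i] = (unsigned char)(tmp[k - 1 - i] | (i + 1 < k ? 0x80 : 0));
    return k;
}

/* Encode a dotted-decimal OID as DER content octets (no tag or length).
 * Returns the byte count, or 0 on malformed input or a too-small buffer. */
size_t oid_to_der(const char *dotted, unsigned char *out, size_t cap)
{
    unsigned long arcs[32];
    size_t n = 0, len = 0, i, k;
    for (;;) {                                /* digits separated by single dots */
        char *end;
        if (*dotted < '0' || *dotted > '9' || n == 32) return 0;
        arcs[n++] = strtoul(dotted, &end, 10);
        if (arcs[n - 1] > ULONG_MAX - 80) return 0;   /* overflow guard */
        if (*end == '\0') break;
        if (*end != '.') return 0;
        dotted = end + 1;
    }
    if (n < 2 || arcs[0] > 2 || (arcs[0] < 2 && arcs[1] > 39)) return 0;
    arcs[1] += arcs[0] * 40;                  /* first two arcs share one value */
    for (i = 1; i < n; i++, len += k)
        if ((k = put_arc(arcs[i], out + len, cap - len)) == 0) return 0;
    return len;
}

/* Hypothetical helper: is an encoded accessMethod OID id-ad-caIssuers? */
int is_ca_issuers(const unsigned char *der, size_t len)
{
    return len == sizeof CA_ISSUERS_DER && memcmp(der, CA_ISSUERS_DER, len) == 0;
}
```
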