Closed
Bug 284191
Opened 19 years ago
Closed 19 years ago
pp incorrectly prints cert request attributes
Categories
(NSS :: Tools, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: nelson, Assigned: nelson)
References
Details
Attachments
(2 files)
463 bytes,
application/octet-stream
|
Details | |
9.89 KB,
patch
|
neil.williams
:
review+
|
Details | Diff | Splinter Review |
When the pp program attempts to print a PKCS10 certificate request that contains "attributes", it does not print them correctly. The problem is that SECU_PrintCertificateRequest attempts to print the attributes as if they were decoded as a single "SEC_ASN1_ANY", which they are not. A related problem is an error in the declaration of struct CERTCertificateRequestStr. The last member of that struct, declared as SECItem **attributes; doesn't match the template. It should be a CERTAttribute **, which is quite different from a SECItem **. I plan to attach to this bug a cert request that exhibits the problem, (which Neil created today) and a patch that fixes pp to print it.
Assignee | ||
Comment 1•19 years ago
|
||
This cert request demonstrates the problem.
Assignee | ||
Comment 2•19 years ago
|
||
We currently believe that ability for certutil/pp to create and display PKCS10 cert requests with multiple subjectAltNames is vital for servers. However, if we find that another means is preferered to get SSL server certs with multiple host names, this bug may drop to P3 or below.
Priority: -- → P2
Target Milestone: --- → 3.10
Assignee | ||
Comment 3•19 years ago
|
||
This patch has two prerequisite patches: 1. The new OID tag SEC_OID_PKCS9_EXTENSION_REQUEST, which is added by a patch for bug 263779 (recently checked in on trunk). 2. CERT_SequenceOfCertExtensionTemplate must be exported. This is done by a patch for bug 284200 (not yet checked in). Neil and Wan-Teh, please review.
Attachment #176002 -
Flags: superreview?(wtchang)
Attachment #176002 -
Flags: review?(neil.williams)
Comment 4•19 years ago
|
||
Comment on attachment 176002 [details] [diff] [review] patch v1 - see comment for prerequisites The only quibble I see is that SECU_PrintSetOfAny() sets rv and returns it but never assigns anything to it.
Attachment #176002 -
Flags: review?(neil.williams) → review+
Assignee | ||
Comment 5•19 years ago
|
||
Comment on attachment 176002 [details] [diff] [review] patch v1 - see comment for prerequisites secutil.c new revision: 1.67; previous revision: 1.66 secutil.h new revision: 1.17; previous revision: 1.16 Thanks for the review. Checked in for Beta 1 build.
Attachment #176002 -
Flags: superreview?(wtchang)
Assignee | ||
Comment 6•19 years ago
|
||
marking fixed
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•