Closed
Bug 284191
Opened 20 years ago
Closed 20 years ago
pp incorrectly prints cert request attributes
Categories
(NSS :: Tools, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: nelson, Assigned: nelson)
References
Details
Attachments
(2 files)
|
463 bytes,
application/octet-stream
|
Details | |
|
9.89 KB,
patch
|
neil.williams
:
review+
|
Details | Diff | Splinter Review |
When the pp program attempts to print a PKCS10 certificate request that
contains "attributes", it does not print them correctly. The problem is
that SECU_PrintCertificateRequest attempts to print the attributes as if
they were decoded as a single "SEC_ASN1_ANY", which they are not.
A related problem is an error in the declaration of struct
CERTCertificateRequestStr. The last member of that struct, declared as
SECItem **attributes;
doesn't match the template. It should be a CERTAttribute **, which is
quite different from a SECItem **.
I plan to attach to this bug a cert request that exhibits the problem,
(which Neil created today) and a patch that fixes pp to print it.
|
Assignee | |
Comment 1•20 years ago
|
||
This cert request demonstrates the problem.
|
|
Assignee | |
Comment 2•20 years ago
|
||
We currently believe that ability for certutil/pp to create and display
PKCS10 cert requests with multiple subjectAltNames is vital for servers.
However, if we find that another means is preferered to get SSL server
certs with multiple host names, this bug may drop to P3 or below.
Priority: -- → P2
Target Milestone: --- → 3.10
|
|
Assignee | |
Comment 3•20 years ago
|
||
This patch has two prerequisite patches:
1. The new OID tag SEC_OID_PKCS9_EXTENSION_REQUEST, which is added by
a patch for bug 263779 (recently checked in on trunk).
2. CERT_SequenceOfCertExtensionTemplate must be exported. This is done by
a patch for bug 284200 (not yet checked in).
Neil and Wan-Teh, please review.
Attachment #176002 -
Flags: superreview?(wtchang)
Attachment #176002 -
Flags: review?(neil.williams)
|
||
Comment 4•20 years ago
|
||
Comment on attachment 176002 [details] [diff] [review]
patch v1 - see comment for prerequisites
The only quibble I see is that SECU_PrintSetOfAny() sets rv and returns it but
never assigns anything to it.
Attachment #176002 -
Flags: review?(neil.williams) → review+
|
|
Assignee | |
Comment 5•20 years ago
|
||
Comment on attachment 176002 [details] [diff] [review]
patch v1 - see comment for prerequisites
secutil.c new revision: 1.67; previous revision: 1.66
secutil.h new revision: 1.17; previous revision: 1.16
Thanks for the review. Checked in for Beta 1 build.
Attachment #176002 -
Flags: superreview?(wtchang)
|
|
Assignee | |
Comment 6•20 years ago
|
||
marking fixed
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•