Closed
Bug 285233
Opened 19 years ago
Closed 19 years ago
need extra symbols to be exported by NSS library to support crl generation
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.10
People
(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)
References
Details
Attachments
(2 files)
6.74 KB,
text/plain
|
julien.pierre
:
review+
|
Details |
5.82 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040803 Build Identifier: NSS 3.10 Need the following functions to be implemented and exported by NSS library: + CERT_StartCRLEntryExtensions: Set up a crl entry for adding X509v3 extensions. + CERT_StartCRLExtensions: Set up a crl for adding X509v3 extensions. + SEC_GetSignAlgorithmOidTag: Get the hash algorithm tag number for the given type of the key and algorithm tag. Returns SEC_OID_UNKNOWN if key and algorithm are not match. Reproducible: Always
Assignee | ||
Updated•19 years ago
|
Version: unspecified → 3.10
Assignee | ||
Comment 1•19 years ago
|
||
Updated•19 years ago
|
Assignee: wtchang → alexei.volkov.bugs
Updated•19 years ago
|
Priority: -- → P2
Target Milestone: --- → 3.10
Assignee | ||
Updated•19 years ago
|
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment 2•19 years ago
|
||
Comment on attachment 176690 [details]
patch to fix the bug is attached
Looks OK, except you shouldn't change the identation for CERT_CheckCertUsage in
cert.h . r+ after you change this.
Attachment #176690 -
Flags: review+
Assignee | ||
Comment 3•19 years ago
|
||
Comment 4•19 years ago
|
||
Checked in for alexei since his CVS account isn't working yet . Checking in certdb/cert.h; /cvsroot/mozilla/security/nss/lib/certdb/cert.h,v <-- cert.h new revision: 1.52; previous revision: 1.51 done Checking in certhigh/crlv2.c; /cvsroot/mozilla/security/nss/lib/certhigh/crlv2.c,v <-- crlv2.c new revision: 1.3; previous revision: 1.2 done Checking in nss/nss.def; /cvsroot/mozilla/security/nss/lib/nss/nss.def,v <-- nss.def new revision: 1.144; previous revision: 1.143 done Checking in cryptohi/cryptohi.h; /cvsroot/mozilla/security/nss/lib/cryptohi/cryptohi.h,v <-- cryptohi.h new revision: 1.9; previous revision: 1.8 done Checking in cryptohi/secsign.c; /cvsroot/mozilla/security/nss/lib/cryptohi/secsign.c,v <-- secsign.c new revision: 1.9; previous revision: 1.8 done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Comment 5•19 years ago
|
||
Comment on attachment 176700 [details] [diff] [review] patch file Julien, in cert.h, we have this comment: /* ** Add an extension to a certificate. ** "exthandle" is the handle returned by the previous function ... */ extern SECStatus CERT_AddExtension (void *exthandle, int idtag, SECItem *value, PRBool critical, PRBool copyData); I suggest that you change the description of "exthandle" to: "exthandle" is the handle returned by CERT_StartCertExtensions, CERT_StartCRLExtensions, or CERT_StartCRLEntryExtensions.
Comment 6•19 years ago
|
||
Checkin comments last night should have said r=julien . Wan-Teh, I wanted to keep the 2 repeated comments short, so I didn't list all the relevant functions.
Comment 7•19 years ago
|
||
Julien, the comment I'd like you to update is for an existing function, not for the two new functions Alexei added.
Comment 8•18 years ago
|
||
Alexei, do you remember why you chose MD5 as the default hash algorithm for RSA signatures in SEC_GetSignAlgorithmOidTag?
Comment 9•18 years ago
|
||
Alexei, I found the answer to my question. SEC_GetSignatureAlgorithmOidTag used to be the static function getSignatureOidTag in cmd/certutil/certutil.c. getSignatureOidTag used MD5 as the default hash algorithm for RSA signatures.
You need to log in
before you can comment on or make changes to this bug.
Description
•