Closed Bug 285233 Opened 19 years ago Closed 19 years ago

need extra symbols to be exported by NSS library to support crl generation

Categories

(NSS :: Libraries, defect, P2)

3.10
defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: alvolkov.bgs, Assigned: alvolkov.bgs)

Attachments

(2 files)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040803
Build Identifier: NSS 3.10

Need the following functions to be implemented and exported by NSS library:


+ CERT_StartCRLEntryExtensions: Set up a crl entry for adding X509v3 extensions.

+ CERT_StartCRLExtensions: Set up a crl for adding X509v3 extensions.

+ SEC_GetSignAlgorithmOidTag: Get the hash algorithm tag number for the given
type of the key and algorithm tag. Returns SEC_OID_UNKNOWN if key and algorithm
do not match.

Reproducible: Always
Version: unspecified → 3.10
Assignee: wtchang → alexei.volkov.bugs
Priority: -- → P2
Target Milestone: --- → 3.10
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment on attachment 176690
patch to fix the bug is attached

Looks OK, except you shouldn't change the indentation for CERT_CheckCertUsage in
cert.h. r+ after you change this.
Attachment #176690 - Flags: review+
Blocks: 265003
Attached patch: patch file
Checked in for alexei since his CVS account isn't working yet.

Checking in certdb/cert.h;
/cvsroot/mozilla/security/nss/lib/certdb/cert.h,v  <--  cert.h
new revision: 1.52; previous revision: 1.51
done
Checking in certhigh/crlv2.c;
/cvsroot/mozilla/security/nss/lib/certhigh/crlv2.c,v  <--  crlv2.c
new revision: 1.3; previous revision: 1.2
done
Checking in nss/nss.def;
/cvsroot/mozilla/security/nss/lib/nss/nss.def,v  <--  nss.def
new revision: 1.144; previous revision: 1.143
done
Checking in cryptohi/cryptohi.h;
/cvsroot/mozilla/security/nss/lib/cryptohi/cryptohi.h,v  <--  cryptohi.h
new revision: 1.9; previous revision: 1.8
done
Checking in cryptohi/secsign.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/secsign.c,v  <--  secsign.c
new revision: 1.9; previous revision: 1.8
done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Comment on attachment 176700
patch file

Julien, in cert.h, we have this comment:

/*
** Add an extension to a certificate.
**	"exthandle" is the handle returned by the previous function
...
*/
extern SECStatus CERT_AddExtension (void *exthandle, int idtag,
			SECItem *value, PRBool critical, PRBool copyData);

I suggest that you change the description of "exthandle"
to:

	"exthandle" is the handle returned by CERT_StartCertExtensions,
		CERT_StartCRLExtensions, or CERT_StartCRLEntryExtensions.
Checkin comments last night should have said r=julien.

Wan-Teh, I wanted to keep the 2 repeated comments short, so I didn't list all
the relevant functions.

Julien, the comment I'd like you to update is
for an existing function, not for the two new
functions Alexei added.

Alexei, do you remember why you chose MD5 as the default hash
algorithm for RSA signatures in SEC_GetSignAlgorithmOidTag?

Alexei, I found the answer to my question.  SEC_GetSignatureAlgorithmOidTag
used to be the static function getSignatureOidTag in cmd/certutil/certutil.c.
getSignatureOidTag used MD5 as the default hash algorithm for RSA signatures.