294537 - ssltap should display ASCII CA names from cert request message

Status: RESOLVED FIXED

(NSS :: Tools, enhancement, P2)

Description

[Nelson Bolyard (seldom reads bugmail)]

An SSL Certificate Request message includes a list of DER-encoded CA names,
names exactly as they would appear in the "IssuerName" field of a certificate.
ssltap dumps these in hex.  It should convert them to ASCII string form names
and print those.  The NSS function CERT_DerNameToAscii exists for this purpose.

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

Attachment: patch v1

First stab.

Unfotrunately, to use the function that turns a DER Distinguished Name 
into an Ascii string, NSS must be initialized.  So I added calls to 
NSS_NoDB_Init and NSS_Shutdown.  I have the deja-vu feeling that we've
done this before, and repented of it before.  :(

Comment 2

[Nelson Bolyard (seldom reads bugmail)]

Attachment: v2: Add support for missing message types

Steve, I'd like your advice on whether or not it is advisable
to add that NSS_NoDB_Init call to ssltap again, or not.
Also, a review would be nice. :)

Comment 3

[Nelson Bolyard (seldom reads bugmail)]

I see that code for message type 0 is also missing.  
I'd propose to handle it with a one-line case, as I did for case 14.

Comment 4

[Nelson Bolyard (seldom reads bugmail)]

Checked in on trunk.
Checking in cmd/ssltap/ssltap.c; new revision: 1.9; previous revision: 1.8

Comment 5

[Steve Parkinson]

r=sparkins@redhat.com

Apologies for missing this - my bugmail was getting filtered into somewhere
I don't normally look.

About NSS_NoDBInit - Initially, ssltap didn't have any dependencies on the NSS libraries, so there were no calls into NSS itself.  However, that is no longer the case. So, if you need to initialize NSS, go right ahead.

Comment 6

[Nelson Bolyard (seldom reads bugmail)]

Back ported to NSS 3.11 branch for NSS 3.11.3