certutil currently does not know how to add Subject Information Access or Authority Information Access extensions when generating certificates . For the purpose of full coverage testing of libpkix, we should add this ability to certutil .
This is P1 for 3.12, but should not displace 3.11.x work at this time.
P1, MUST have for 3.12
Created attachment 265701 [details] [diff] [review] split certutil by removing code related to extension generation into separate file certutil.c is getting too big. Propose to split it into at least two files: 1. certext.c - everything that is about cert extensions 2. certutil.c - the rest of the code I'm about to add support for a number of new extensions to certutil. Would like to split it before Neil starts to work on his enhancements to avoid problems with merge.
Created attachment 265702 [details] [diff] [review] certext.c didn't make into the last patch. fixing...
Comment on attachment 265702 [details] [diff] [review] certext.c didn't make into the last patch. fixing... Looks good as long as all.sh still passes. You might want to fix the indentation in the 3 or 4 functions starting with CreateOidSequence() while you're moving things around. It would make it a little easier to read.
Integrating attachment 265702 [details] [diff] [review]: /cvsroot/mozilla/security/nss/cmd/certutil/certext.c,v <-- certext.c initial revision: 1.1 /cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v <-- certutil.c new revision: 1.109; previous revision: 1.108 /cvsroot/mozilla/security/nss/cmd/certutil/manifest.mn,v <-- manifest.mn new revision: 1.8; previous revision: 1.7
Previous patch split certutil into two large parts preperatory to adding support for several new cert extensions. SIA and AIA cert extensions are being added as part of bug # 324744. When that bug is closed this one should be too.
This is NOT a libpkix bug
marking PKIXTEST in whiteboard.
This is fixed by the patches committed in bug 324744.