add generation of SIA and AIA extensions to certutil

RESOLVED FIXED in 3.12

Status

NSS
Tools
P1
enhancement
RESOLVED FIXED
12 years ago
10 years ago

People

(Reporter: Julien Pierre, Assigned: Alexei Volkov)

Tracking

Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: PKIXTEST)

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

12 years ago
certutil currently does not know how to add Subject Information Access or Authority Information Access extensions when generating certificates .

For the purpose of full coverage testing of libpkix, we should add this ability to certutil .
(Reporter)

Updated

12 years ago
Assignee: wtchang → alexei.volkov.bugs
This is P1 for 3.12, but should not displace 3.11.x work at this time.
Severity: normal → enhancement
Priority: -- → P2
Version: unspecified → 3.11
QA Contact: jason.m.reid → tools
(Assignee)

Comment 2

11 years ago
Created attachment 251684 [details] [diff] [review]
AIA and SIA extension patch(not for review yet)
(Assignee)

Updated

11 years ago
Whiteboard: PKIX
P1, MUST have for 3.12
Priority: P2 → P1
(Assignee)

Updated

10 years ago
Depends on: 346354
(Assignee)

Comment 4

10 years ago
Created attachment 265701 [details] [diff] [review]
split certutil by removing code related to extension generation into separate file

certutil.c is getting too big. Propose to split it into at least two files: 
   1. certext.c - everything that is about cert extensions
   2. certutil.c - the rest of the code

I'm about to add support for a number of new extensions to certutil. Would like to split it before Neil starts to work on his enhancements to avoid problems with merge.
Attachment #265701 - Flags: review?(neil.williams)
(Assignee)

Comment 5

10 years ago
Created attachment 265702 [details] [diff] [review]
certext.c didn't make into the last patch. fixing...
Attachment #265701 - Attachment is obsolete: true
Attachment #265702 - Flags: review?(neil.williams)
Attachment #265701 - Flags: review?(neil.williams)

Comment 6

10 years ago
Comment on attachment 265702 [details] [diff] [review]
certext.c didn't make into the last patch. fixing...

Looks good as long as all.sh still passes. You might want to fix the indentation in the 3 or 4 functions starting with CreateOidSequence() while you're moving things around. It would make it a little easier to read.
Attachment #265702 - Flags: review?(neil.williams) → review+
(Assignee)

Comment 7

10 years ago
Integrating attachment 265702 [details] [diff] [review]:
/cvsroot/mozilla/security/nss/cmd/certutil/certext.c,v  <--  certext.c
initial revision: 1.1
/cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v  <--  certutil.c
new revision: 1.109; previous revision: 1.108
/cvsroot/mozilla/security/nss/cmd/certutil/manifest.mn,v  <--  manifest.mn
new revision: 1.8; previous revision: 1.7

Comment 8

10 years ago
Previous patch split certutil into two large parts preperatory to adding support for several new cert extensions. SIA and AIA cert extensions are being added as part of bug # 324744. When that bug is closed this one should be too.

Updated

10 years ago
Blocks: 324744
Depends on: 389712
Depends on: 390973
This is NOT a libpkix bug
Whiteboard: PKIX
marking PKIXTEST in whiteboard.
Whiteboard: PKIXTEST

Comment 11

10 years ago
This is fixed by the patches committed in bug 324744.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED

Updated

10 years ago
No longer blocks: 324744
Depends on: 324744
You need to log in before you can comment on or make changes to this bug.