Add additional cert usage(s) for certutil's -V -u option

RESOLVED FIXED in 3.12

Status

NSS
Tools
P3
enhancement
RESOLVED FIXED
10 years ago
10 years ago

People

(Reporter: Kaspar Brand, Assigned: Neil Williams)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

10 years ago
Created attachment 269584 [details] [diff] [review]
Add support for validating object signing usage with certutil -V

Nelson wrote on dev-tech-crypto:
> You're right that the absence of any way to specify a
> code-signing or object-signing usage is a deficiency of certutil's -u
> option.  Please file a bug about this in bugzilla.

So, here's the bug and a proposed patch. I chose "J" as the letter for object signing, because both O and S are already used, and J occurs in both obJect as well as in Jar - where such a cert also tends to be used...

In addition, I added a diagnostic message when an incorrect option is supplied - with the current version, certutil -V will just fail silently (it won't produce any output).

Finally, I'm not sure if any other cert usage (besides ObjectSigner) should be added, too... for the sake of completeness, these are the remaining ones:

    certUsageSSLServerWithStepUp = 2,
    certUsageSSLCA = 3,
    certUsageUserCertImport = 7,
    certUsageVerifyCA = 8,
    certUsageProtectedObjectSigner = 9,
    certUsageAnyCA = 11
Attachment #269584 - Flags: review?(nelson)
Comment on attachment 269584 [details] [diff] [review]
Add support for validating object signing usage with certutil -V

r=nelson for trunk
Attachment #269584 - Flags: review?(nelson) → review+
Neil, please commit this on Kaspar's behalf. 
Be sure to cite him as the source in the RCS log comment.  
Thanks.
Assignee: nobody → neil.williams
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P3
Target Milestone: --- → 3.12
(Assignee)

Comment 3

10 years ago
Checking in cmd/certutil/certutil.c;
/cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v  <--  certutil.c
new revision: 1.112; previous revision: 1.111
done
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.