Closed
Bug 386057
Opened 17 years ago
Closed 17 years ago
Pk12util allows import of new certificate with existing nickname without warning.
Categories
(NSS :: Libraries, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: slavomir.katuscak+mozilla, Unassigned)
Details
I did some experiments with pk12util and certificates:
1. Export certificate and key as PKCS#12 file (pk12util -o).
2. Delete certificate and key (certutil -F).
3. Import certificate and key from PKCS#12 file (pk12util -i).
4. Delete certificate only (certutil -D).
5. Import certificate and key from PKCS#12 file again (pk12util -i).

The second import passed without any warning. Is it OK to reimport an existing key?

I also tried to import one certificate+key multiple times (successful), and in the end there was only one in the DB, so probably it was rewritten.

I tried to create another certificate+key with the same nickname and import it (successful), and there were 2 certificates+keys with the same nickname. Is this OK?

certutil -L (list of certificates):
testcert u,u,u
testcert u,u,u

certutil -K (list of keys):
<0> testcert
<1> testcert

When I tried to delete the certificate with nickname testcert (certutil -D), only one was deleted and one was still there.
Comment 1•17 years ago
The ability to "import" a cert (and private key) multiple times is a feature. The act of importing says "I want this cert (or cert and private key) in my DB." If the cert (and key) are already in the DB, then the action succeeds without any changes being made. So that issue is not a bug, and is working as designed.

certutil -L lists one line per cert. It is quite possible to have multiple certs with the same exact subject name. Multiple certs with the same subject name will always have the same nickname. There can only be one nickname per unique subject name, no matter how many certs exist with that subject name. So, this all sounds like it is working as designed.

Your comments about "another certificate+key with the same nickname" don't tell us whether those certificates all had the same exact subject name or not. If they do/did all have the same subject name, then this is all working as designed. If they did not have the same subject names but did have the same nickname, then something is wrong.

Please review your results to see if all the certs had the same subject name, or not. If so, please mark this bug invalid.
Comment 2 (Reporter)•17 years ago
Both cert+key pairs had the same subject name. How is it with deleting certificates when they have the same nickname and subject name? Can I select which one I want to delete?
Comment 3•17 years ago
Marking invalid, based on comment 2. The code is working as intended. See Bug 291394 for info on deleting multiple certs with the same nickname.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → INVALID
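A check for the situation discussed in this bug, as an added example that is not part of the original thread or of NSS: it parses `certutil -L` output and reports nicknames that map to more than one certificate, the case in which the reporter's `certutil -D` removed only one entry. The function names and the sample listing are constructed for illustration, and the layout assumed is a nickname followed by the three-part trust attribute column, as in the reporter's output.

```python
import re
import sys
from collections import Counter

# A certutil -L entry ends with three comma-separated trust-flag groups
# (SSL,S/MIME,JAR/XPI), e.g. "u,u,u", "CT,C,C" or ",,". Nicknames may
# contain spaces and commas, so the trust column is anchored at line end.
ENTRY = re.compile(r"^(?P<nick>.+?)\s+(?P<trust>[A-Za-z]*,[A-Za-z]*,[A-Za-z]*)$")


def parse_listing(text):
    """Return (nickname, trust) pairs; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append((match.group("nick"), match.group("trust")))
    return entries


def shared_nicknames(text):
    """Map each nickname listed more than once to its number of certs."""
    counts = Counter(nick for nick, _ in parse_listing(text))
    return {nick: n for nick, n in counts.items() if n > 1}


# Constructed sample listing (not real output from any database).
SAMPLE = """\
Certificate Nickname                        Trust Attributes
                                            SSL,S/MIME,JAR/XPI

testcert                                    u,u,u
testcert                                    u,u,u
Example Root CA                             CT,C,C
Example, Inc. Intermediate                  ,,
"""

if __name__ == "__main__":
    # Pass "-" to read a real listing from stdin: certutil -L -d DIR | script -
    text = sys.stdin.read() if "-" in sys.argv[1:] else SAMPLE
    for nick, n in sorted(shared_nicknames(text).items()):
        print(f"{nick}: {n} certificates share this nickname; "
              "deleting by nickname may remove only one")
```
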