Closed Bug 39495 Opened 24 years ago Closed 21 years ago

Certificates with identical serial numbers, subjects and issuers.

Categories

(NSS :: Libraries, defect, P3)

Product:
NSS
Component:
Libraries
Platform:
x86
Windows NT
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 230996

People

(Reporter: bugzilla, Assigned: nelson)

Details

This is a replacement bug for Netscape bug
http://scopus/bugsplat/show_bug.cgi?id=113432

Creating second certificate with new key material and nickname
but with the same serial number and with one distinguished name
for all subjects and issuers, let you pass
  certificate = CERT_NewTempCertificate(certHandle, derCert, certNickname, 
                                        PR_FALSE, PR_TRUE);
but then it throws assertion

  PORT_Assert(!cert->isperm);
in
  CERT_AddTempCertToPerm(certificate, certNickname, &trust);


------- Additional Comments From awnuk  05/05/98 14:35 ------- 

It is NT problem only and can be easily reproduced by running CertKey test
with test Id 437208613.
To do this type certkey 437208613.
CertKey test is under cvs control and available on
 ns/sectools/suites/secuity/certkey/certkey.c
and can be build by typing gmake in the test source directory.
Test input data and execution log should look like the one presented below: 
http://warp/m/dist/sectools/results/security/certkey/WINNT4.0/19980427/043720861
3/index.html


------- Additional Comments From relyea  Jun-10-1999 14:08 ------- 

Fred, this is an invalid thing to do, but it shouldn't crash the library. Don
Set Target Milestone 4.0.
Assignee: lord → wtc
Target Milestone: --- → 4.0
Version: unspecified → 3.0
Status: NEW → ASSIGNED
QA Contact: lord → sonmi
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
I'm guessing that this bug no longer exists as of 3.9 given all the work we have
done to detect the identical serial numbers. It should be verified and closed.

*** This bug has been marked as a duplicate of 172247 ***
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Target Milestone: 4.0 → 3.7
I found the source to this old NSS 2.8 test program, and made the minimum 
necessary modifications to get it to build with NSS 3.9 (mostly made it use
NSS_InitReadWrite).  Then I tested it.  I found that
a) The problem due to duplicate issuer and serial number is fixed in NSS 3.9 
   It is actually a duplicate of bug 230996, rather than bug 172247.
b) There is another crash in libNSS shown by this test program.  Function 
   CERT_DecodeTrustString crashes if it is given a NULL ptr for the second 
   argument.  

I will mark this bug a duplicate of 230996, and file a separate bug about this
other crash.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
taking bug.
Assignee: wchang0222 → MisterSSL
Status: REOPENED → NEW

*** This bug has been marked as a duplicate of 230996 ***
Status: NEW → RESOLVED
Closed: 21 years ago21 years ago
Resolution: --- → DUPLICATE
Target Milestone: 3.7 → 3.9.1
Correction to comment 5 above.  I changed it to work with 3.9.1 and verified
that it is fixed in NSS 3.9.1 by the fix to bug 230996
You need to log in before you can comment on or make changes to this bug.