Closed
Bug 417392
Opened 17 years ago
Closed 17 years ago
certutil -L -n reports bogus trust flags
Categories
(NSS :: Tools, defect, P2)
NSS
Tools
Tracking
(Not tracked)
VERIFIED
FIXED
3.12
People
(Reporter: nelson, Assigned: julien.pierre)
Details
(Keywords: regression)
I have two certs in my cert DB with the nickname "Imported Certificate". :(
The two are Verisign class 1 email certs, not CA certs, not server certs.
When I run the command "certutil -L", and grep it for "Imported Certificate"
I get this output, which I believe is correct:
Imported Certificate u,pu,u
Imported Certificate u,u,u
When I run the command "certutil -L -n "Imported Certificate", using a trunk build from today, I get output that shows the full details of each cert,
followed by an expanded listing of the trust flags. It shows the following flags for both of the two certs. These results are utterly bogus.
Certificate Trust Flags:
SSL Flags:
Valid Peer
Trusted
User
Email Flags:
Valid Peer
Valid CA
Netscape Trusted CA
User
Step-up
Object Signing Flags:
Valid Peer
Netscape Trusted CA
User
I don't know if this is a bug in certutil or in the cert libraries, so
for now, I will mark this as a "tools" bug.
Julien, since you're working on certutil now, will you look at this?
Reporter | ||
Updated•17 years ago
|
Keywords: regression
Assignee | ||
Comment 1•17 years ago
|
||
I confirmed this regression. -L -n shows garbage trust flags, even if there is only one cert. -L shows the correct flags. This is probably a bug within certutil.
Status: NEW → ASSIGNED
OS: Windows XP → All
Priority: -- → P2
Hardware: PC → All
Assignee | ||
Comment 2•17 years ago
|
||
Nelson,
That's a regression by Alexei that I reported in https://bugzilla.mozilla.org/show_bug.cgi?id=412468#c11 . I thought he would have fixed it by now. I have checked in the fix which is as follows.
Index: certutil.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v
retrieving revision 1.131
diff -u -r1.131 certutil.c
--- certutil.c 14 Feb 2008 00:51:53 -0000 1.131
+++ certutil.c 14 Feb 2008 03:31:31 -0000
@@ -517,8 +517,8 @@
}
rv = SECSuccess;
} else {
- rv = SEC_PrintCertificateAndTrust(the_cert, the_cert->trust,
- "Certificate");
+ rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate",
+ the_cert->trust);
if (rv != SECSuccess) {
SECU_PrintError(progName, "problem printing certificate");
}
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 3•17 years ago
|
||
Checking in certutil.c;
/cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v <-- certutil.c
new revision: 1.132; previous revision: 1.131
done
You need to log in
before you can comment on or make changes to this bug.
Description
•