Closed Bug 417392 Opened 16 years ago Closed 16 years ago

certutil -L -n reports bogus trust flags

Categories

(NSS :: Tools, defect, P2)

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: nelson, Assigned: julien.pierre)

Details

(Keywords: regression)

I have two certs in my cert DB with the nickname "Imported Certificate". :(
The two are Verisign class 1 email certs, not CA certs, not server certs.

When I run the command "certutil -L", and grep it for "Imported Certificate"
I get this output, which I believe is correct:

Imported Certificate                                         u,pu,u
Imported Certificate                                         u,u,u

When I run the command "certutil -L -n "Imported Certificate"", using a trunk build from today, I get output that shows the full details of each cert, followed by an expanded listing of the trust flags. It shows the following flags for both of the two certs. These results are utterly bogus.

    Certificate Trust Flags:
        SSL Flags:
            Valid Peer
            Trusted
            User
        Email Flags:
            Valid Peer
            Valid CA
            Netscape Trusted CA
            User
            Step-up
        Object Signing Flags:
            Valid Peer
            Netscape Trusted CA
            User

I don't know if this is a bug in certutil or in the cert libraries, so 
for now, I will mark this as a "tools" bug.
Julien, since you're working on certutil now, will you look at this?
Keywords: regression
I confirmed this regression. -L -n shows garbage trust flags, even if there is only one cert. -L shows the correct flags. This is probably a bug within certutil.
Status: NEW → ASSIGNED
OS: Windows XP → All
Priority: -- → P2
Hardware: PC → All
Nelson,

That's a regression by Alexei that I reported in https://bugzilla.mozilla.org/show_bug.cgi?id=412468#c11 . I thought he would have fixed it by now. I have checked in the fix which is as follows.

Index: certutil.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v
retrieving revision 1.131
diff -u -r1.131 certutil.c
--- certutil.c  14 Feb 2008 00:51:53 -0000      1.131
+++ certutil.c  14 Feb 2008 03:31:31 -0000
@@ -517,8 +517,8 @@
                }
                rv = SECSuccess;
            } else {
-               rv = SEC_PrintCertificateAndTrust(the_cert, the_cert->trust,
-                                                 "Certificate");
+               rv = SEC_PrintCertificateAndTrust(the_cert, "Certificate",
+                                                  the_cert->trust);
                if (rv != SECSuccess) {
                    SECU_PrintError(progName, "problem printing certificate");
                }
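Review bot: The argument order is the whole fix here, and nothing in the hunk explains how the 1.131 call, with the_cert->trust and the "Certificate" label in each other's positions, reached a trunk build. Before closing this, please check any other callers of SEC_PrintCertificateAndTrust for the same swapped order, and confirm that its prototype is visible in certutil.c and that incompatible pointer argument warnings fail the build, so a mismatch like this is caught at compile time rather than by someone reading the trust flag listing. A short comment at the call naming the parameters (cert, label, trust) would also help the next reader.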
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Checking in certutil.c;
/cvsroot/mozilla/security/nss/cmd/certutil/certutil.c,v  <--  certutil.c
new revision: 1.132; previous revision: 1.131
done
Thanks, Julien
Status: RESOLVED → VERIFIED