certutil -R for cert renewal should derive the subject from the cert if none is specified.

RESOLVED FIXED in 3.12.2

Status

P2
enhancement
RESOLVED FIXED
11 years ago
10 years ago

People

(Reporter: elio.maldonado.batiz, Assigned: elio.maldonado.batiz)

Tracking

3.12
3.12.2

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 3 obsolete attachments)

(Assignee)

Description

11 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080416 Fedora/2.0.0.14-1.fc8 Firefox/2.0.0.14
Build Identifier: nss-3.12.0.3


Certutil has a way to request a certificate with an existing key (#341371). The user must provide the subject, which should be optional as it can be obtained from the cert itself.
Use case: 
# -k: instead of rsa use nickname
certutil -R -s $subject -k $nickname \
    -y $publicExponent -t $trust_args -d $dir -o $outcsrfile ... other arguments

The -k nickname option enables finding the cert, from which the keys are obtained; the subject could be obtained from the cert.


Reproducible: Always

(Assignee)

Updated

11 years ago
Version: unspecified → 3.12
(Assignee)

Comment 1

11 years ago
Created attachment 324143 [details] [diff] [review]
changes to extract subject when nickname is specified

Possible implementation for review.
(Assignee)

Comment 2

11 years ago
Upgrading severity from enhancement to normal as this bug blocks porting Fedora crypto-utils (certificate management) tools to use NSS for their cryptographic operations. Please see https://bugzilla.redhat.com/show_bug.cgi?id=346731 for more information.
Severity: enhancement → normal
(Assignee)

Comment 3

11 years ago
Created attachment 330683 [details] [diff] [review]
extract subject from cert when nickname is specified on cert renewal

fix a memory leak on previous attachment
Attachment #324143 - Attachment is obsolete: true
(Assignee)

Comment 4

11 years ago
Created attachment 330795 [details] [diff] [review]
fix bad indentation in previous attachment
Attachment #330683 - Attachment is obsolete: true
I confirm this is an enhancement request :)
Assignee: nobody → emaldona
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Target Milestone: --- → 3.12.1
(Assignee)

Updated

11 years ago
Status: NEW → ASSIGNED
(Assignee)

Updated

11 years ago
Attachment #330795 - Flags: review?(rrelyea)

Comment 6

10 years ago
Comment on attachment 330795 [details] [diff] [review]
fix bad indentation in previous attachment

r- 

but close. There is one minor issue and a nit.

minor issue (caused the r-):
> PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n",
>+	    	               progName, certutil.options[opt_Subject].arg);
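
Review bot: on the + line, certutil.options[opt_Subject].arg is printed under a message that blames -s, but when the subject is taken from the certificate found via -k there is no -s argument to report, so a failure in that path should name the certificate nickname instead. The continuation line's indentation also mixes tabs and spaces; align it under the first argument using one style.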


This is incorrect. It should read something like "%s couldn't get subject from certificate %s", progname, keysource);

The current error message is for the case where the user supplied the subject.
Attachment #330795 - Flags: review?(rrelyea) → review-

Comment 7

10 years ago
arg, missed the nit.

You are adding a nested 'if' inside a compound if. Simply add another && clause.

bob
(Assignee)

Comment 8

10 years ago
Created attachment 335482 [details] [diff] [review]
Fixes from review comments #6 and #7
Attachment #330795 - Attachment is obsolete: true
Attachment #335482 - Flags: review?(rrelyea)

Comment 9

10 years ago
Comment on attachment 335482 [details] [diff] [review]
Fixes from review comments #6 and #7

r+
Attachment #335482 - Flags: review?(rrelyea) → review+
(Assignee)

Comment 10

10 years ago
Checked in mozilla/security/nss/cmd/certutil/certutil.c, v1.143.
(Assignee)

Updated

10 years ago
Target Milestone: 3.12.1 → 3.12.2
(Assignee)

Updated

10 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED