User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:188.8.131.52) Gecko/20080416 Fedora/184.108.40.206-1.fc8 Firefox/220.127.116.11 Build Identifier: nss-18.104.22.168 Certutil has a way to request a certificate with an existing key (#341371). The user must provide the subject which should be optional as it can be obtained from the cert itself. Use case: certutil -R -s $subject -k $nickname \ #<---- instead of rsa use nickname -y $publicExponent -t $trust_args -d $dir -o $outcsrfile ... other arguments The -k nickname option enables finding the cert, from which the keys are obtained, the subject could be obtained from the cert. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Created attachment 324143 [details] [diff] [review] changes to extract subject when nickname is specified Possible implementation for review.
Upgrading severity from enhancement to normal as this bug blocks porting fedora crypto-utils (certificate management) tools to use NSS for their cryptographic operations, please see https://bugzilla.redhat.com/show_bug.cgi?id=346731 for more information.
Created attachment 330683 [details] [diff] [review] extract subject from cert when nickname is specified on cert renewal fix a memory leak on previous attachement
Created attachment 330795 [details] [diff] [review] fix bad indentation in previous attachement
I confirm this is an enhancement request :)
Comment on attachment 330795 [details] [diff] [review] fix bad indentation in previous attachement r- but close. There is one minor issue and a nit. minor issue (caused the r-): > PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n", >+ progName, certutil.options[opt_Subject].arg); This is incorrect. it should read something like "%s couldn't get subject from certificate %s", progname, keysource); The current error message is for the case where the user supplied the subject.
arg, missed the nit. You are adding a nested 'if' inside a compound if. Simply add another && clause. bob
Created attachment 335482 [details] [diff] [review] Fixes from review comments #6 and #7
Comment on attachment 335482 [details] [diff] [review] Fixes from review comments #6 and #7 r+
Checked in mozilla/security/nss/cmd/certutil/certutil.c, v1.143.