certutil -R for cert renewal should derive the subject from the cert if none is specified.

RESOLVED FIXED in 3.12.2

Status

NSS
Tools
P2
enhancement
RESOLVED FIXED
9 years ago
9 years ago

People

(Reporter: Elio Maldonado, Assigned: Elio Maldonado)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 3 obsolete attachments)

(Assignee)

Description

9 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080416 Fedora/2.0.0.14-1.fc8 Firefox/2.0.0.14
Build Identifier: nss-3.12.0.3


Certutil has a way to request a certificate with an existing key (#341371). The user must provide the subject, which should be optional as it can be obtained from the cert itself.
Use case:
# -k: instead of rsa use nickname
certutil -R -s $subject -k $nickname \
    -y $publicExponent -t $trust_args -d $dir -o $outcsrfile ... other arguments

The -k nickname option enables finding the cert, from which the keys are obtained; the subject could be obtained from the cert.


Reproducible: Always

(Assignee)

Updated

9 years ago
Version: unspecified → 3.12
(Assignee)

Comment 1

9 years ago
Created attachment 324143 [details] [diff] [review]
changes to extract subject when nickname is specified

Possible implementation for review.
(Assignee)

Comment 2

9 years ago
Upgrading severity from enhancement to normal as this bug blocks porting Fedora crypto-utils (certificate management) tools to use NSS for their cryptographic operations; please see https://bugzilla.redhat.com/show_bug.cgi?id=346731 for more information.
Severity: enhancement → normal
(Assignee)

Comment 3

9 years ago
Created attachment 330683 [details] [diff] [review]
extract subject from cert when nickname is specified on cert renewal

fix a memory leak on previous attachment
Attachment #324143 - Attachment is obsolete: true
(Assignee)

Comment 4

9 years ago
Created attachment 330795 [details] [diff] [review]
fix bad indentation in previous attachment
Attachment #330683 - Attachment is obsolete: true
I confirm this is an enhancement request :)
Assignee: nobody → emaldona
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Target Milestone: --- → 3.12.1
(Assignee)

Updated

9 years ago
Status: NEW → ASSIGNED
(Assignee)

Updated

9 years ago
Attachment #330795 - Flags: review?(rrelyea)

Comment 6

9 years ago
Comment on attachment 330795 [details] [diff] [review]
fix bad indentation in previous attachment

r- 

but close. There is one minor issue and a nit.

minor issue (caused the r-):
> PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n",
>+	    	               progName, certutil.options[opt_Subject].arg);
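
Review bot: on the + line, the value passed for the second %s is certutil.options[opt_Subject].arg, which holds nothing from the user when -s is omitted, the case this change exists to handle. If this PR_fprintf can be reached on that path, pass the -k nickname instead (or guard the argument) so the message does not print an unset option value under a "-s:" label.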


This is incorrect. It should read something like "%s couldn't get subject from certificate %s", progname, keysource);

The current error message is for the case where the user supplied the subject.
Attachment #330795 - Flags: review?(rrelyea) → review-

Comment 7

9 years ago
arg, missed the nit.

You are adding a nested 'if' inside a compound if. Simply add another && clause.

bob
(Assignee)

Comment 8

9 years ago
Created attachment 335482 [details] [diff] [review]
Fixes from review comments #6 and #7
Attachment #330795 - Attachment is obsolete: true
Attachment #335482 - Flags: review?(rrelyea)

Comment 9

9 years ago
Comment on attachment 335482 [details] [diff] [review]
Fixes from review comments #6 and #7

r+
Attachment #335482 - Flags: review?(rrelyea) → review+
(Assignee)

Comment 10

9 years ago
Checked in mozilla/security/nss/cmd/certutil/certutil.c, v1.143.
(Assignee)

Updated

9 years ago
Target Milestone: 3.12.1 → 3.12.2
(Assignee)

Updated

9 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED