User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:188.8.131.52) Gecko/20080416 Fedora/184.108.40.206-1.fc8 Firefox/220.127.116.11
Build Identifier: nss-18.104.22.168

Certutil has a way to request a certificate with an existing key (#341371). The user must provide the subject which should be optional as it can be obtained from the cert itself.

Use case:

    certutil -R -s $subject
             -k $nickname \ #<---- instead of rsa use nickname
             -y $publicExponent
             -t $trust_args
             -d $dir
             -o $outcsrfile
             ... other arguments

The -k nickname option enables finding the cert, from which the keys are obtained, the subject could be obtained from the cert.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Created attachment 324143: changes to extract subject when nickname is specified

Possible implementation for review.
Upgrading severity from enhancement to normal as this bug blocks porting fedora crypto-utils (certificate management) tools to use NSS for their cryptographic operations, please see https://bugzilla.redhat.com/show_bug.cgi?id=346731 for more information.
Severity: enhancement → normal
Created attachment 330683: extract subject from cert when nickname is specified on cert renewal

fix a memory leak on previous attachment
Attachment #324143 - Attachment is obsolete: true
Created attachment 330795: fix bad indentation in previous attachment
Attachment #330683 - Attachment is obsolete: true
I confirm this is an enhancement request :)
Assignee: nobody → emaldona
Severity: normal → enhancement
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Target Milestone: --- → 3.12.1
Comment on attachment 330795: fix bad indentation in previous attachment

r- but close. There is one minor issue and a nit.

minor issue (caused the r-):

> PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n",
>+ progName, certutil.options[opt_Subject].arg);

This is incorrect. It should read something like "%s couldn't get subject from certificate %s", progname, keysource); The current error message is for the case where the user supplied the subject.
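Review bot: the added argument line `progName, certutil.options[opt_Subject].arg` feeds the -s argument into a message that begins "%s -s: improperly formatted name", yet this bug asks for -s to become optional when -k names a cert. On that path there may be no -s argument to print, so the message should name the nickname the subject was read from, and the -s wording should remain only where the user actually supplied a subject.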
Attachment #330795 - Flags: review?(rrelyea) → review-
arg, missed the nit. You are adding a nested 'if' inside a compound if. Simply add another && clause. bob
Created attachment 335482: Fixes from review comments #6 and #7
Comment on attachment 335482: Fixes from review comments #6 and #7

r+
Attachment #335482 - Flags: review?(rrelyea) → review+
Checked in mozilla/security/nss/cmd/certutil/certutil.c, v1.143.
Status: ASSIGNED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED