Bug 437804 - certutil -R for cert renewal should derive the subject from the cert if none is specified.
Status: RESOLVED FIXED
Product: NSS
Classification: Components
Component: Tools
Version: 3.12
Platform: All All
Importance: P2 enhancement
Target Milestone: 3.12.2
Assigned To: Elio Maldonado
Reported: 2008-06-07 11:56 PDT by Elio Maldonado
Modified: 2008-11-20 11:53 PST


Attachments
changes to extract subject when nickname is specified (1.70 KB, patch)
2008-06-07 12:06 PDT, Elio Maldonado
extract subject from cert when nickname is specified on cert renewal (1.74 KB, patch)
2008-07-21 18:31 PDT, Elio Maldonado
fix bad indentation in previous attachment (2.13 KB, patch)
2008-07-22 10:34 PDT, Elio Maldonado
rrelyea: review-
Fixes from review comments #6 and #7 (2.33 KB, patch)
2008-08-25 21:16 PDT, Elio Maldonado
rrelyea: review+

Description Elio Maldonado 2008-06-07 11:56:17 PDT
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.14) Gecko/20080416 Fedora/2.0.0.14-1.fc8 Firefox/2.0.0.14
Build Identifier: nss-3.12.0.3


Certutil has a way to request a certificate with an existing key (#341371). The user must provide the subject, which should be optional as it can be obtained from the cert itself.
Use case:
# -k: instead of rsa use nickname
certutil -R -s $subject -k $nickname \
    -y $publicExponent -t $trust_args -d $dir -o $outcsrfile ... other arguments

The -k nickname option enables finding the cert, from which the keys are obtained; the subject could be obtained from the cert.


Reproducible: Always

Comment 1 Elio Maldonado 2008-06-07 12:06:35 PDT
Created attachment 324143
changes to extract subject when nickname is specified

Possible implementation for review.
Comment 2 Elio Maldonado 2008-06-16 07:44:15 PDT
Upgrading severity from enhancement to normal as this bug blocks porting Fedora crypto-utils (certificate management) tools to use NSS for their cryptographic operations. Please see https://bugzilla.redhat.com/show_bug.cgi?id=346731 for more information.
Comment 3 Elio Maldonado 2008-07-21 18:31:11 PDT
Created attachment 330683
extract subject from cert when nickname is specified on cert renewal

fix a memory leak on previous attachment
Comment 4 Elio Maldonado 2008-07-22 10:34:38 PDT
Created attachment 330795
fix bad indentation in previous attachment
Comment 5 Nelson Bolyard (seldom reads bugmail) 2008-07-22 13:45:00 PDT
I confirm this is an enhancement request :)
Comment 6 Robert Relyea 2008-08-25 14:43:29 PDT
Comment on attachment 330795
fix bad indentation in previous attachment

r- 

but close. There is one minor issue and a nit.

minor issue (caused the r-):
> PR_fprintf(PR_STDERR, "%s -s: improperly formatted name: \"%s\"\n",
>+	    	               progName, certutil.options[opt_Subject].arg);
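
Review bot: the `-s: improperly formatted name` text and the `certutil.options[opt_Subject].arg` argument on these two lines only fit a subject the user typed with -s. If this call is also reached when the subject was taken from the certificate found through -k, the message blames an option the user never passed and prints an argument that was not supplied. Use a separate message for that path that names the key source (the nickname given to -k), and keep this one for the user-supplied -s case.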


This is incorrect. It should read something like "%s couldn't get subject from certificate %s", progname, keysource);

The current error message is for the case where the user supplied the subject.
Comment 7 Robert Relyea 2008-08-25 14:44:29 PDT
arg, missed the nit.

You are adding a nested 'if' inside a compound if. Simply add another && clause.

bob
Comment 8 Elio Maldonado 2008-08-25 21:16:27 PDT
Created attachment 335482
Fixes from review comments #6 and #7
Comment 9 Robert Relyea 2008-09-30 10:33:44 PDT
Comment on attachment 335482
Fixes from review comments #6 and #7

r+
Comment 10 Elio Maldonado 2008-09-30 11:56:53 PDT
Checked in mozilla/security/nss/cmd/certutil/certutil.c, v1.143.
