164 bytes, text/plain
Nelson Bolyard (seldom reads bugmail): review+
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:220.127.116.11) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729) Build Identifier: When CERT_AsciiToName is called with a subject containing an email address like "Efirstname.lastname@example.org", the email address will be typed as UTF8 String. According to RFC 3280 section 18.104.22.168, the type should be IA5String instead: "The attribute value for EmailAddress is of type IA5String to permit inclusion of the character '@', which is not part of the PrintableString character set." I think this sentence is still valid and especially, it was not changed by RFC 4630. Additionally, OpenSSL (tested with 0.9.8h) and Microsoft Outlook 2007 don't recognize the email address if typed as UTF8 String instead of IA5String. In earlier versions of NSS, email addresses were typed correctly, the bug was introduced with version 1.26 of mozilla/security/nss/lib/certdb/alg1485.c <http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=alg1485.c&branch=&root=/cvsroot&subdir=mozilla/security/nss/lib/certdb&command=DIFF_FRAMESET&rev1=1.25&rev2=1.26> Reproducible: Didn't try Steps to Reproduce: I haven't tried to reproduce the problem with the NSS tools, but I see the problem, every time I programmatically create a certificate with CERT_AsciiToName("Eemail@example.com") as the subject. Calling openssl -in test.cer -email shows that openssl can't find any email address in the certificate (assuming no Subject Alternative Names are set). Actual Results: No email address found by openssl Expected Results: the address firstname.lastname@example.org should have been found I will attach a .diff file for the latest hg version (<http://hg.mozilla.org/mozilla-central/file/855be715f09f/security/nss/lib/certdb/alg1485.c>) that fixes the problem
Comment on attachment 363477 [details] patch for the latest hg version that fixes the bug To whom shall I credit this patch?
My name is Christoph Hannebauer.
Thanks, Christoph! Committed on CVS trunk lib/certdb/alg1485.c; new revision: 1.31; previous revision: 1.30