Closed Bug 479601 Opened 15 years ago Closed 15 years ago

Wrong type (UTF8 String) for email addresses in subject by CERT_AsciiToName

Categories

(NSS :: Libraries, defect, P2)

3.12
defect

Tracking

(Not tracked)

RESOLVED FIXED
3.12.3

People

(Reporter: ch-bugsmozilla, Assigned: ch-bugsmozilla)

Details

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)
Build Identifier: 

When CERT_AsciiToName is called with a subject containing an email address like "E=test@test.test", the email address will be typed as UTF8 String.

According to RFC 3280 section 4.1.2.6, the type should be IA5String instead:
"The attribute value for EmailAddress is of type IA5String
   to permit inclusion of the character '@', which is not part of the
   PrintableString character set."

I think this sentence is still valid and especially, it was not changed by RFC 4630. Additionally, OpenSSL (tested with 0.9.8h) and Microsoft Outlook 2007 don't recognize the email address if typed as UTF8 String instead of IA5String.

In earlier versions of NSS, email addresses were typed correctly, the bug was introduced with version 1.26 of mozilla/security/nss/lib/certdb/alg1485.c <http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=alg1485.c&branch=&root=/cvsroot&subdir=mozilla/security/nss/lib/certdb&command=DIFF_FRAMESET&rev1=1.25&rev2=1.26>

Reproducible: Didn't try

Steps to Reproduce:
I haven't tried to reproduce the problem with the NSS tools, but I see the problem, every time I programmatically create a certificate with CERT_AsciiToName("E=test@test.test") as the subject.

Calling
openssl -in test.cer -email
shows that openssl can't find any email address in the certificate (assuming no Subject Alternative Names are set).
Actual Results:  
No email address found by openssl

Expected Results:  
the address test@test.test should have been found

I will attach a .diff file for the latest hg version (<http://hg.mozilla.org/mozilla-central/file/855be715f09f/security/nss/lib/certdb/alg1485.c>) that fixes the problem
Attachment #363477 - Attachment mime type: application/octet-stream → text/plain
Attachment #363477 - Flags: review?(nelson)
Comment on attachment 363477 [details]
patch for the latest hg version that fixes the bug

To whom shall I credit this patch?
Attachment #363477 - Flags: review?(nelson) → review+
Assignee: nobody → chbugzilla
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Target Milestone: --- → 3.12.3
Version: unspecified → 3.12
My name is Christoph Hannebauer.
Thanks, Christoph!

Committed on CVS trunk
lib/certdb/alg1485.c; new revision: 1.31; previous revision: 1.30
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.