Bug 479601 - Wrong type (UTF8 String) for email addresses in subject by CERT_AsciiToName
Status: RESOLVED FIXED
Product: NSS
Classification: Components
Component: Libraries
Version: 3.12
Platform: All All
Importance: P2 normal
Target Milestone: 3.12.3
Assigned To: Christoph Hannebauer
 
Reported: 2009-02-21 07:03 PST by Christoph Hannebauer
Modified: 2009-02-22 04:29 PST


Attachments
patch for the latest hg version that fixes the bug (164 bytes, text/plain)
2009-02-21 07:04 PST, Christoph Hannebauer
nelson: review+

Description Christoph Hannebauer 2009-02-21 07:03:50 PST
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)
Build Identifier: 

When CERT_AsciiToName is called with a subject containing an email address like "E=test@test.test", the email address will be typed as UTF8 String.

According to RFC 3280 section 4.1.2.6, the type should be IA5String instead:
"The attribute value for EmailAddress is of type IA5String to permit inclusion of the character '@', which is not part of the PrintableString character set."

I think this sentence is still valid and, in particular, it was not changed by RFC 4630. Additionally, OpenSSL (tested with 0.9.8h) and Microsoft Outlook 2007 don't recognize the email address if typed as UTF8 String instead of IA5String.

In earlier versions of NSS, email addresses were typed correctly; the bug was introduced with version 1.26 of mozilla/security/nss/lib/certdb/alg1485.c <http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=alg1485.c&branch=&root=/cvsroot&subdir=mozilla/security/nss/lib/certdb&command=DIFF_FRAMESET&rev1=1.25&rev2=1.26>.

Reproducible: Didn't try

Steps to Reproduce:
I haven't tried to reproduce the problem with the NSS tools, but I see the problem every time I programmatically create a certificate with CERT_AsciiToName("E=test@test.test") as the subject.

Calling
openssl x509 -in test.cer -email -noout
shows that openssl can't find any email address in the certificate (assuming no Subject Alternative Names are set).

Actual Results:
No email address found by openssl

Expected Results:  
the address test@test.test should have been found

I will attach a .diff file for the latest hg version (<http://hg.mozilla.org/mozilla-central/file/855be715f09f/security/nss/lib/certdb/alg1485.c>) that fixes the problem.
Comment 1 Christoph Hannebauer 2009-02-21 07:04:47 PST
Created attachment 363477
patch for the latest hg version that fixes the bug
Comment 2 Nelson Bolyard (seldom reads bugmail) 2009-02-21 14:48:52 PST
Comment on attachment 363477
patch for the latest hg version that fixes the bug

To whom shall I credit this patch?
Comment 3 Christoph Hannebauer 2009-02-22 01:17:06 PST
My name is Christoph Hannebauer.
Comment 4 Nelson Bolyard (seldom reads bugmail) 2009-02-22 04:29:32 PST
Thanks, Christoph!

Committed on CVS trunk
lib/certdb/alg1485.c; new revision: 1.31; previous revision: 1.30
