Wrong type (UTF8 String) for email addresses in subject by CERT_AsciiToName

RESOLVED FIXED in 3.12.3

Status

NSS
Libraries
P2
normal
RESOLVED FIXED
8 years ago
8 years ago

People

(Reporter: Christoph Hannebauer, Assigned: Christoph Hannebauer)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

164 bytes, text/plain
Nelson Bolyard (seldom reads bugmail)
: review+
Details
(Assignee)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.0.6) Gecko/2009011913 Firefox/3.0.6 (.NET CLR 3.5.30729)
Build Identifier: 

When CERT_AsciiToName is called with a subject containing an email address like "E=test@test.test", the email address will be typed as UTF8 String.

According to RFC 3280 section 4.1.2.6, the type should be IA5String instead:
"The attribute value for EmailAddress is of type IA5String
   to permit inclusion of the character '@', which is not part of the
   PrintableString character set."

I think this sentence is still valid; in particular, it was not changed by RFC 4630. Additionally, OpenSSL (tested with 0.9.8h) and Microsoft Outlook 2007 don't recognize the email address if typed as UTF8 String instead of IA5String.

In earlier versions of NSS, email addresses were typed correctly; the bug was introduced with version 1.26 of mozilla/security/nss/lib/certdb/alg1485.c <http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=alg1485.c&branch=&root=/cvsroot&subdir=mozilla/security/nss/lib/certdb&command=DIFF_FRAMESET&rev1=1.25&rev2=1.26>

Reproducible: Didn't try

Steps to Reproduce:
I haven't tried to reproduce the problem with the NSS tools, but I see the problem every time I programmatically create a certificate with CERT_AsciiToName("E=test@test.test") as the subject.

Calling
openssl x509 -in test.cer -email
shows that openssl can't find any email address in the certificate (assuming no Subject Alternative Names are set).
Actual Results:  
No email address found by openssl

Expected Results:  
the address test@test.test should have been found

I will attach a .diff file for the latest hg version (<http://hg.mozilla.org/mozilla-central/file/855be715f09f/security/nss/lib/certdb/alg1485.c>) that fixes the problem
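
The check the description above implies, as an added example that is not part of the bug report or of NSS: a minimal DER walker that reports which ASN.1 string type each emailAddress attribute in an encoded Name uses, so a UTF8String-typed address can be told apart from the IA5String the RFC requires. The function names and the sample Name bytes are constructed for illustration; the emailAddress OID and tag numbers are the standard values.

```python
# Added example: tag values are from X.690; the OID is PKCS #9 emailAddress.
EMAIL_OID = bytes.fromhex("2a864886f70d010901")  # 1.2.840.113549.1.9.1
STRING_TAGS = {0x0C: "UTF8String", 0x13: "PrintableString", 0x16: "IA5String"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = octet count
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def email_string_types(name_der):
    """List (string type, address) for every emailAddress in a DER Name."""
    tag, rdn_sequence, _ = read_tlv(name_der, 0)
    if tag != 0x30:
        raise ValueError("Name must be a SEQUENCE")
    found = []
    for _, rdn in children(rdn_sequence):      # RelativeDistinguishedName (SET)
        for _, atv in children(rdn):           # AttributeTypeAndValue (SEQUENCE)
            (oid_tag, oid), (val_tag, val) = list(children(atv))[:2]
            if oid_tag == 0x06 and oid == EMAIL_OID:
                kind = STRING_TAGS.get(val_tag, hex(val_tag))
                found.append((kind, val.decode("ascii", "replace")))
    return found

def mistyped_emails(name_der):
    """Addresses whose value is not an IA5String (the defect reported here)."""
    return [addr for kind, addr in email_string_types(name_der) if kind != "IA5String"]

def tlv(tag, value):
    """Build one TLV for the constructed samples (short-form lengths only)."""
    return bytes([tag, len(value)]) + value

def sample_name(string_tag):
    """Constructed Name holding E=test@test.test with the given string tag."""
    atv = tlv(0x30, tlv(0x06, EMAIL_OID) + tlv(string_tag, b"test@test.test"))
    return tlv(0x30, tlv(0x31, atv))
```

`mistyped_emails(sample_name(0x0C))` reports the address encoded as UTF8String, while the IA5String form returns an empty list.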
(Assignee)

Comment 1

8 years ago
Created attachment 363477 [details]
patch for the latest hg version that fixes the bug
(Assignee)

Updated

8 years ago
Attachment #363477 - Attachment mime type: application/octet-stream → text/plain
Attachment #363477 - Flags: review?(nelson)
Comment on attachment 363477 [details]
patch for the latest hg version that fixes the bug

To whom shall I credit this patch?
Attachment #363477 - Flags: review?(nelson) → review+
Assignee: nobody → chbugzilla
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P2
Target Milestone: --- → 3.12.3
Version: unspecified → 3.12
(Assignee)

Comment 3

8 years ago
My name is Christoph Hannebauer.
Thanks, Christoph!

Committed on CVS trunk
lib/certdb/alg1485.c; new revision: 1.31; previous revision: 1.30
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED