Open Bug 482910 Opened 16 years ago Updated 1 years ago

crlutil incomplete

Categories

(NSS :: Tools, enhancement, P5)

Product:
NSS
Component:
Tools
Version:
3.12
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: nelson, Unassigned)

Details

As noted in Bug 482789, - crlutil also only prints one CRL, even if there are multiple certs with the same nickname, each with a different subject key ID and different CRL. - crlutil -L -n nickname doesn't print the complete CRL - crlutil -L -n nickname doesn't print all the info that we have stored with the CRL. For example, it does not print the URL. - crlutil doesn't seem to offer any way to export CRLs from the cert DB These things really slow down diagnosis of CRL related problems.
1) our softoken can only store a single CRL per issuer, regardless of subject key ID. So, it somewhat makes sense for display only one CRL, since usually at most one can be found. The only exception is if CRLs for the same subject are stored in more than one slot/token. 2) What do you mean that crlutil -L -n nickname doesn't print the complete CRL ? What information is missing ? 3-4) It is true that it doesn't have a way to print the URL or export the binary CRL.
Severity: normal → enhancement
(In reply to comment #1) > 1) our softoken can only store a single CRL per issuer, regardless of > subject key ID. So, it somewhat makes sense for display only one CRL, > since usually at most one can be found. That's a big problem, but it's obviously not merely a crlutil problem. > 2) What do you mean that crlutil -L -n nickname doesn't print the complete CRL > ? What information is missing ? Information about the signature, for one thing. The data outside of the ToBeSigned component.

The bug assignee is inactive on Bugzilla, so the assignee is being reset.

Assignee: alvolkov.bgs → nobody
Severity: normal → S3
Severity: S3 → N/A
Priority: -- → P5
You need to log in before you can comment on or make changes to this bug.