Open
Bug 54969
Opened 24 years ago
Updated 2 years ago
need QA test that all cert name attributes are properly encoded
Categories
(NSS :: Test, enhancement, P2)
Tracking
(Not tracked)
NEW
People
(Reporter: sonja.mirtitsch, Unassigned)
References
Details
Test fix for Bug 53127 Accept UTF8String encoding for attributes in Names
From: thayes@netscape.com (Terry Hayes)
To: Sonja Mirtitsch <sonmi@netscape.com>
Yes we should eventually build a test for this. The problem is that
there isn't any code right now that makes it easy to create a
certificate with the new encoding. We can probably write a program
that builds a certificate request piece by piece and then use certutil
and other tools to test whether NSS recognizes it. Ian may be able to
help with that as well.
-----------------------
The library should accept the UTF8String encoding of directory string values
found in X.500 names. This encoding is mandated for certificates created after
2003. It should be added as soon as possible to allow for smooth upgrading of
the PKI infrastructure.
NOTE: we do not need to generate UTF8String (yet).
Change is checked in, but I don't know how to QA this in the test suite. I've
built a version of PSM that accepts certificates with this encoding as a
one-time test.
target release 3.3
Reporter | ||
Updated•24 years ago
|
Target Milestone: --- → 3.3
Updated•24 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Reporter | ||
Updated•23 years ago
|
Component: Tools → Test
Updated•23 years ago
|
Target Milestone: 3.3 → 3.4
Reporter | ||
Updated•23 years ago
|
Target Milestone: 3.4 → Future
Comment 3•22 years ago
|
||
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Updated•19 years ago
|
Assignee: bishakhabanerjee → jason.m.reid
QA Contact: bishakhabanerjee → jason.m.reid
Target Milestone: Future → ---
Updated•19 years ago
|
Assignee: jason.m.reid → nobody
QA Contact: jason.m.reid → test
Comment 4•19 years ago
|
||
Is the certutil limitation about not being able to create that encoding still current ?
Comment 5•19 years ago
|
||
RFC 3280 (and other related RFCs) define the correct character set to use
for each and every type of attribute that can exist in the cert names.
Today, NSS encodes a few of them correctly, a few are known to be incorrectly
encoded, and most of the rest are untested.
The QA test envisioned here would generate a cert with many MANY name attributes
and then test that each and every one was encoded in the correct character set.
NSS 3.11.x, as it exists today, is guaranteed to fail this test, if the test
was properly implemented. But the test does not yet exist.
I believe that the companies that support NSS care about NSS's ability to
correctly encode cert names, hence P2.
Priority: P3 → P2
Summary: need QA suite to test fix for UTF8String encoding for attributes in Names → need QA test that all cert name attributes are properly encoded
Comment 6•19 years ago
|
||
Bug 329067 documents some of the cert name attributes that are incorrectly
encoded. This bug doesn't block that one, nor vice versa. But I wanted to
mark these bugs as related. One bug documents the encoding error, the
other bug documents the absence of a QA test that would detect such an
encoding error.
It's clear to me that to fulfill this test RFE, we need a new test tool,
one that parses a certificate and checks the encoding type of every
attribute, to ensure that every attribute is encoded using one of the
character set types defined for that attribute. Such a tool would be
useful for many purposes.
Blocks: 329067
Updated•17 years ago
|
Priority: P2 → P3
Comment 8•17 years ago
|
||
Decreasing priority to P3 (based on priorities set on meeting with Nelson in September).
Comment 9•17 years ago
|
||
Readjusting priority back to P2 to be consistent with the priority definitions
used in NSS.
A fix for this bug/RFE is desired by one of the companies that sponsor NSS.
By the present definition of NSS priorities, that makes it at least a P2.
Priority: P3 → P2
Updated•2 years ago
|
Severity: normal → S3
Comment 10•2 years ago
|
||
The bug assignee is inactive on Bugzilla, and this bug has priority 'P2'.
:beurdouche, could you have a look please?
For more information, please visit auto_nag documentation.
Assignee: slavomir.katuscak+mozilla → nobody
Flags: needinfo?(bbeurdouche)
Comment 11•2 years ago
|
||
We have modified the bot to only consider P1 as high priority, so I'm cancelling the needinfo here.
Flags: needinfo?(bbeurdouche)
You need to log in
before you can comment on or make changes to this bug.
Description
•