Closed
Bug 570438
Opened 14 years ago
Closed 14 years ago
certutil's limits on sizes of generated cert extensions are TOO SMALL
Categories
(NSS :: Tools, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
3.12.7
People
(Reporter: nelson, Assigned: nelson)
Details
Attachments
(2 files)
3.24 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
131.71 KB,
text/plain
|
Details |
Many of the cert extensions that certutil can generate are generated from input supplied as command line options and their arguments. The number of DNS names, email addresses, and numerous other items that can be put into these cert extensions is limited by the size of a single command line argument string. I recently needed to create an SSL server cert with hundreds of DNS names in the SAN extension, and could not. Since NSS 3.9, certutil has a "batch mode" that reads command lines in from a file, but it limits the length of each command line read in that way to no more than 512 bytes. This would be OK if it allowed lines to be continued (joined) with trailing '\' characters, but it does not. So, I've written a patch to enable batch mode to join lines with trailing '\' characters with the line that follows. This can be repeated as many times as needed. Each line on input is still limited to 512 bytes, but when joined, there is effectively no limit. With this patch, I generated a cert with over 100KB of DNS names. This patch is fully backward compatible. Patch forthcoming.
Assignee | ||
Comment 1•14 years ago
|
||
Attachment #449569 -
Flags: review?(rrelyea)
Assignee | ||
Comment 2•14 years ago
|
||
Comment 3•14 years ago
|
||
Comment on attachment 449569 [details] [diff] [review] patch v1 - enable batch file line continuation r+ One nit, the diff's seem to have indent differences bwtween some of the added lines and those in the file. It's probably a tab versus space issue. bob
Attachment #449569 -
Flags: review?(rrelyea) → review+
Assignee | ||
Comment 4•14 years ago
|
||
Checking in certutil.c; new revision: 1.149; previous revision: 1.148
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•