Open
Bug 62266
Opened 24 years ago
Updated 2 years ago
pk12util import fails when multiple certs for nickname
Categories
(NSS :: Tools, defect, P3)
Tracking
(Not tracked)
NEW
People
(Reporter: bugz, Unassigned)
Attachments
(1 file)
2.80 KB, application/octet-stream
I was able to create a p12 blob for a nickname that has multiple certs, but attempting to import it failed. Some certs were expired. Nickname may have also existed in database being imported to, so may not be a bug but just an unclear error message.
Updated•24 years ago
Target Milestone: --- → 3.3
Updated•23 years ago
Target Milestone: 3.3 → 3.4
Comment 1•22 years ago
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
Updated•22 years ago
Target Milestone: 3.5 → 3.7
Comment 3•22 years ago
Moved to target milestone 3.8 because the original NSS 3.7 release has been renamed 3.8.
Target Milestone: 3.7 → 3.8
Comment 4•21 years ago
Remove target milestone of 3.8, since these bugs didn't get into that release.
Target Milestone: 3.8 → ---
Comment 5•20 years ago
Ian, can you reproduce this? If so, can you attach the created .p12 file to this bug? I am interested in improving pk12util's handling of nickname "collisions". Without a copy of the .p12 file, it's difficult to know what's going on.
Comment 6•20 years ago
I'm not sure if this is the same problem as originally reported, but it's close enough. Currently, pk12util claims to accept this file when importing. But actually the second cert does not import. I would argue that this PKCS#12 file is bogus because the two certs have the same friendlyName. However, strictly speaking, per the PKCS#12 spec, the friendlyName is an optional component meant to be visually displayed, not a unique identifier, so you might make a case (and the producer of this file has argued!) that it is a valid PKCS#12 file. Other tools (IE, OpenSSL) don't enforce the unicity requirement (let alone not to conflict with an existing database nickname), so that makes NSS look bad.
Currently, when you import this file with the tip, pk12util claims success, but it actually only imports the first cert (user cert), and the CA cert silently fails to import. The failure to import is due to bug 202979, which I have reopened.
We need to make a decision regarding this file. Either:
1) we regard it as an invalid file. We should detect the collision and report the failure to import it (hopefully with some accurate error!!!)
2) we regard it as a valid file. In this case, we should detect the import failure, and try to import again, perhaps with a made-up nickname, ignoring the duplicate friendlyName in the file.
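The collision described in comment 6 can be checked for before an import is attempted. The script below is an added example, not part of the bug report and not NSS or pk12util code: it reads the text that `openssl pkcs12 -info -nokeys` prints and lists every friendlyName carried by more than one certificate bag. The function names and the sample listing are constructed for illustration, and the listing assumes OpenSSL's usual "Bag Attributes" / "subject=" output layout.

```shell
#!/bin/sh
# Added example: pre-import check for duplicate friendlyName values.
# Input on stdin: text printed by `openssl pkcs12 -info -nokeys -in FILE`.
# Output: "<friendlyName><TAB><count><TAB><subject>; <subject>..." per collision.
# Exit status: 1 when at least one friendlyName is shared, 0 otherwise.
find_friendlyname_collisions() {
    awk '
        /^Bag Attributes/      { name = "" }   # a new bag starts: forget the last name
        /^[ \t]+friendlyName:/ { sub(/^[ \t]+friendlyName:[ \t]*/, ""); name = $0 }
        /^subject=/ {
            if (name != "") {                   # certificate bag that carries a friendlyName
                subj = substr($0, 9)            # text after "subject="
                if (count[name]++ == 0) subjects[name] = subj
                else subjects[name] = subjects[name] "; " subj
            }
            name = ""
        }
        END {
            for (n in count)
                if (count[n] > 1) {
                    printf "%s\t%d\t%s\n", n, count[n], subjects[n]
                    bad = 1
                }
            exit bad + 0
        }'
}

# Constructed sample listing (hypothetical names, certificate bodies omitted):
# a user cert and its CA cert share one friendlyName, a third cert does not.
sample_p12_info() {
    cat <<'EOF'
Bag Attributes
    friendlyName: user-cert
    localKeyID: 01 02 03 04
subject=CN = Example User
issuer=CN = Example CA
Bag Attributes
    friendlyName: user-cert
subject=CN = Example CA
issuer=CN = Example CA
Bag Attributes
    friendlyName: other-ca
subject=CN = Other CA
issuer=CN = Other CA
EOF
}

sample_p12_info | find_friendlyname_collisions || echo "duplicate friendlyName found" >&2
```

The check compares names exactly as they appear in the file; whether a name also collides with a nickname already in the target database has to be checked separately.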
Updated•19 years ago
QA Contact: bishakhabanerjee → jason.m.reid
Updated•18 years ago
Assignee: bugz → neil.williams
QA Contact: jason.m.reid → tools
Updated•17 years ago
Target Milestone: --- → 3.11.8
Updated•17 years ago
Target Milestone: 3.11.8 → Future
Updated•17 years ago
Target Milestone: Future → ---
Updated•17 years ago
Assignee: neil.williams → nobody
Updated•2 years ago
Severity: normal → S3