Closed
Bug 839663
Opened 11 years ago
Closed 11 years ago
Add the OID for the 'name' attribute type in X.520
Categories
(NSS :: Libraries, defect, P2)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.15
People
(Reporter: wtc, Assigned: wtc)
Details
Attachments
(1 file)
|
2.75 KB,
patch
|
rrelyea
:
superreview+
mozbgz
:
feedback+
wtc
:
checked-in+
|
Details | Diff | Splinter Review |
Someone sent me a certificate whose Subject field contains an attribute type with the OID 2.5.4.41. Firefox displays the Subject field as: E = xxx@xxx.com Object Identifier (2 5 4 41) = testing CN = xxx OU = xxx O = xxx L = xxx ST = CA C = US The NSS 'pp' command-line tool prints the Subject field as: Subject: "E=xxx@xxx.com,OID.2.5.4.41=testing,CN=xxx,OU=xxx, O=xxx,L=xxx,ST=CA,C=US" The attached patch enables the 'pp' tool to prints the 'name' attribute. I believe a PSM patch is necessary to allow the Firefox certificate viewer to display the 'name' attribute. Bob, Kaspar: I need your feedback on whether the 'name' attribute should be added above or below the "strict mode" line in the name2kinds array in lib/certdb/alg1485.c: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/certdb/alg1485.c&rev=1.45&mark=26,56,60#26 The 'name' attribute type seems rarely used, so I added it below the "strict mode" line in my patch.
Attachment #711986 -
Flags: superreview?(rrelyea)
Attachment #711986 -
Flags: feedback?(mozbugzilla)
|
Assignee | |
Comment 1•11 years ago
|
||
With the patch, the 'pp' tool prints the Subject field as:
Subject: "E=xxx@xxx.com,name=testing,CN=xxx,OU=xxx,
O=xxx,L=xxx,ST=CA,C=US"
Comment on attachment 711986 [details] [diff] [review] Patch (In reply to Wan-Teh Chang from comment #0) > The attached patch enables the 'pp' tool to prints the 'name' attribute. > I believe a PSM patch is necessary to allow the Firefox certificate viewer > to display the 'name' attribute. Correct, see e.g. bug 407226 comment 2 (and bug 500333, which is related to Cert Viewer's display of EV certs, in particular). > The 'name' attribute type seems rarely used, so I added it below the > "strict mode" line in my patch. That's preferrable, yes. "Name" was introduced with X.520(11/93), and is meant to be "the attribute supertype from which string attribute types typically used for naming may be formed" - i.e. common name, surname, given name, country name, state or provice name etc. (see Annex B of X.520 for the complete list). So, strictly speaking, name should be avoided whenever there is a more specific naming attribute.
Attachment #711986 -
Flags: feedback?(mozbugzilla) → feedback+
|
||
Comment 3•11 years ago
|
||
Comment on attachment 711986 [details] [diff] [review] Patch r+ rrelyea... At the very least, it should be in the oid table. I'm Also ok with adding it to alg1485.c as well. bob
Attachment #711986 -
Flags: superreview?(rrelyea) → superreview+
|
|
Assignee | |
Comment 4•11 years ago
|
||
Comment on attachment 711986 [details] [diff] [review] Patch https://hg.mozilla.org/projects/nss/rev/c6c62eccc654
Attachment #711986 -
Flags: checked-in+
|
|
Assignee | |
Updated•11 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.15
You need to log in
before you can comment on or make changes to this bug.
Description
•