certutil lacks a mechanism to encode generic extensions

NEW
Unassigned

Status

NSS
Tools
--
enhancement
4 years ago
4 years ago

People

(Reporter: kaie, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
certutil doesn't offer a way to add generic extensions.
Only the type of extensions that certutil already knows about can be added.

It would be nice if NSS offered a syntax to describe arbitrary extensions, similar to what openssl offers and is described here:
http://www.openssl.org/docs/apps/x509v3_config.html#ARBITRARY_EXTENSIONS
(Reporter)

Updated

4 years ago
Component: Libraries → Tools
I agree it would be awesome to support the "DER:<raw bytes>" syntax, at least. It would make it possible to use certutil to generate invalid test cases for certificate handling.

Kai, are you going to be working on this?
(Reporter)

Updated

4 years ago
See Also: → bug 969822
(Reporter)

Comment 2

4 years ago
> Kai, are you going to be working on this?

This is a tracking bug for the general purpose solution (which I'm not going to work on).

Rather, I'm going to implement the workaround that is described in bug 969822 - please let's use bug 969822 for the workaround you are looking for. I believe the work I'll do will help you, even though it will require you to load the binary extension (or the invalid data for testing) from a separate file (instead of the inline syntax you suggested).
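
An added example, not part of the bug thread or of NSS: a Python helper that turns an OpenSSL-style `DER:<raw bytes>` inline value into the separate binary file mentioned in comment 2, and reports whether the bytes form one well-formed DER element, so a deliberately invalid test case is a conscious choice. The function names and the assumption that the file holds only the raw extension bytes are hypothetical.

```python
import binascii

def parse_der_spec(spec):
    """Parse an OpenSSL-style '[critical,]DER:<hex>' value into (critical, bytes)."""
    critical = False
    spec = spec.strip()
    if spec.lower().startswith("critical,"):
        critical, spec = True, spec[len("critical,"):].strip()
    if not spec.startswith("DER:"):
        raise ValueError("expected DER:<hex bytes>")
    hexpart = spec[4:].replace(":", "").strip()
    try:
        return critical, binascii.unhexlify(hexpart)
    except binascii.Error as exc:
        raise ValueError(f"bad hex in DER value: {exc}") from None

def single_der_tlv(data):
    """True if data is exactly one definite-length, minimally encoded TLV
    with a single-byte tag (multi-byte tags are not handled in this sketch)."""
    if len(data) < 2 or data[0] & 0x1F == 0x1F:
        return False
    first = data[1]
    if first < 0x80:                      # short-form length
        length, header = first, 2
    else:                                 # long-form length
        n = first & 0x7F
        if n == 0 or len(data) < 2 + n:   # 0x80 is indefinite length, not DER
            return False
        length = int.from_bytes(data[2:2 + n], "big")
        header = 2 + n
        if data[2] == 0 or length < 0x80:  # non-minimal length encoding
            return False
    return len(data) == header + length

def write_extension_file(spec, path):
    """Write the raw bytes to path (assumed layout: extension bytes only).
    Returns (critical, well_formed); malformed data is still written, since
    generating invalid test input is a stated use case in the thread."""
    critical, raw = parse_der_spec(spec)
    with open(path, "wb") as fh:
        fh.write(raw)
    return critical, single_der_tlv(raw)
```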