diff options
author | emaldona%redhat.com <devnull@localhost> | 2008-09-30 18:53:25 +0000 |
---|---|---|
committer | emaldona%redhat.com <devnull@localhost> | 2008-09-30 18:53:25 +0000 |
commit | 04c72c6a2f735f6f3969c2c8894bde9905824985 (patch) | |
tree | 279f98e91a42cd9e54dd50a2424e01135ed42aa0 | |
parent | 9276fba360c7141b5e9add6b5fb15efd0abd2dd1 (diff) | |
download | nss-hg-04c72c6a2f735f6f3969c2c8894bde9905824985.tar.gz |
Fix for Bug 437804: certutil -R for cert renewal should derive the subject from the cert if none is specified
-rw-r--r-- | security/nss/cmd/certutil/certutil.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c index d37a35467..6ae740d50 100644 --- a/security/nss/cmd/certutil/certutil.c +++ b/security/nss/cmd/certutil/certutil.c @@ -2207,7 +2207,7 @@ certutil_main(int argc, char **argv, PRBool initialize) /* If making a cert request, need a subject. */ if ((certutil.commands[cmd_CertReq].activated || certutil.commands[cmd_CreateAndAddCert].activated) && - !certutil.options[opt_Subject].activated) { + !(certutil.options[opt_Subject].activated || keysource)) { PR_fprintf(PR_STDERR, "%s -%c: subject is required to create a cert request.\n", progName, commandToRun); @@ -2626,14 +2626,28 @@ merge_fail: privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata); if (privkey) pubkey = CERT_ExtractPublicKey(keycert); - CERT_DestroyCertificate(keycert); if (!pubkey) { SECU_PrintError(progName, "Could not get keys from cert %s", keysource); rv = SECFailure; + CERT_DestroyCertificate(keycert); goto shutdown; } keytype = privkey->keyType; + /* On CertReq for renewal if no subject has been + * specified obtain it from the certificate. + */ + if (certutil.commands[cmd_CertReq].activated && !subject) { + subject = CERT_AsciiToName(keycert->subjectName); + if (!subject) { + SECU_PrintError(progName, + "Could not get subject from certificate %s", keysource); + CERT_DestroyCertificate(keycert); + rv = SECFailure; + goto shutdown; + } + } + CERT_DestroyCertificate(keycert); } else { privkey = CERTUTIL_GeneratePrivateKey(keytype, slot, keysize, |