authoremaldona%redhat.com <devnull@localhost>2008-09-30 18:53:25 +0000
committeremaldona%redhat.com <devnull@localhost>2008-09-30 18:53:25 +0000
commit04c72c6a2f735f6f3969c2c8894bde9905824985 (patch)
tree279f98e91a42cd9e54dd50a2424e01135ed42aa0
parent9276fba360c7141b5e9add6b5fb15efd0abd2dd1 (diff)
downloadnss-hg-04c72c6a2f735f6f3969c2c8894bde9905824985.tar.gz
Fix for Bug 437804: certutil -R for cert renewal should derive the subject from the cert if none is specified
-rw-r--r--security/nss/cmd/certutil/certutil.c18
1 files changed, 16 insertions, 2 deletions
diff --git a/security/nss/cmd/certutil/certutil.c b/security/nss/cmd/certutil/certutil.c
index d37a35467..6ae740d50 100644
--- a/security/nss/cmd/certutil/certutil.c
+++ b/security/nss/cmd/certutil/certutil.c
@@ -2207,7 +2207,7 @@ certutil_main(int argc, char **argv, PRBool initialize)
/* If making a cert request, need a subject. */
if ((certutil.commands[cmd_CertReq].activated ||
certutil.commands[cmd_CreateAndAddCert].activated) &&
- !certutil.options[opt_Subject].activated) {
+ !(certutil.options[opt_Subject].activated || keysource)) {
PR_fprintf(PR_STDERR,
"%s -%c: subject is required to create a cert request.\n",
progName, commandToRun);
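Review bot: The relaxed check `!(certutil.options[opt_Subject].activated || keysource)` lets both cmd_CertReq and cmd_CreateAndAddCert proceed without a subject, but the fallback added in the second hunk is guarded by `certutil.commands[cmd_CertReq].activated && !subject` and so derives one only for cmd_CertReq. With cmd_CreateAndAddCert, a key source and no subject option, `subject` would presumably still be NULL when the certificate is built; that later use is outside the visible lines and should be confirmed. Either keep the subject mandatory for that command, `!(certutil.options[opt_Subject].activated || (keysource && certutil.commands[cmd_CertReq].activated))`, or remove the cmd_CertReq condition from the fallback so both commands inherit the subject. certutil_main starts and ends outside this hunk.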
@@ -2626,14 +2626,28 @@ merge_fail:
privkey = PK11_FindKeyByDERCert(slot, keycert, &pwdata);
if (privkey)
pubkey = CERT_ExtractPublicKey(keycert);
- CERT_DestroyCertificate(keycert);
if (!pubkey) {
SECU_PrintError(progName,
"Could not get keys from cert %s", keysource);
rv = SECFailure;
+ CERT_DestroyCertificate(keycert);
goto shutdown;
}
keytype = privkey->keyType;
+ /* On CertReq for renewal if no subject has been
+ * specified obtain it from the certificate.
+ */
+ if (certutil.commands[cmd_CertReq].activated && !subject) {
+ subject = CERT_AsciiToName(keycert->subjectName);
+ if (!subject) {
+ SECU_PrintError(progName,
+ "Could not get subject from certificate %s", keysource);
+ CERT_DestroyCertificate(keycert);
+ rv = SECFailure;
+ goto shutdown;
+ }
+ }
+ CERT_DestroyCertificate(keycert);
} else {
privkey =
CERTUTIL_GeneratePrivateKey(keytype, slot, keysize,
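Review bot: The fallback builds the subject by re-parsing `keycert->subjectName`, the printable form of the name, so the renewal request carries a re-encoding of the certificate's subject rather than a copy of it. String types or unusual RDNs may not survive that round trip, and an issuer that matches renewals on the exact encoded subject could then treat the request as a different identity. Copying the decoded `keycert->subject` (for instance with CERT_CopyName into an arena) would avoid the difference. If the ASCII path is kept, the comment should say so, e.g. `/* Renewal: reuse the subject of the cert that supplies the key; it is re-parsed from ASCII, so the encoding may differ. */`. The enclosing block begins and ends outside the hunk, so whether `privkey` is released on the `goto shutdown` paths cannot be checked here.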