On 04/11/2013 09:11 AM, Ade Lee wrote:
Endi brought up an interesting question ..
In this code, you do a string comparison to find the CA cert.
+ if (ca_certs[i].getSubjectDN().toString().equals(
+ cert.getIssuerDN().toString())) {
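Review bot: the condition on these two lines picks the CA cert purely by comparing the toString() renderings of getSubjectDN() and getIssuerDN(), so the match depends on how each name happens to be formatted. It also accepts any candidate that merely shares the name; two CA certs can carry the same subject DN, for example after a rekey. Suggest comparing the encoded names, or X500Principal values if the certificate type exposes them, since their equals() compares a canonical form. After a name match, confirm the candidate by verifying cert's signature with ca_certs[i]'s public key before treating it as the issuer.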
Is a string comparison valid? For example, if one uses c=US and the
other uses C=US, then the string comparison might fail. Shouldn't some
DN comparison operation be done instead?
The Issuer DN of a cert and the Subject DN of the issuer's cert have to
be encoded exactly the same, therefore, the string comparison within the
same Java VM should give the same result.
Ideally, I'd want to compare Authority Key Identifier and Subject Key
Identifier but due to the lack of JSS exposure for appropriate NSS
functions, I took an easier route.
This brought up something else. I originally was going to look through
PKCS7 instead of searching the DB for efficiency, however, again, due to
lack of JSS functions, I had to change course yesterday. I made this
decision because pkisilent is just a tool that is to be run once during
installation, so if it does take a little longer it should be fine for now.
I think later when we have time we should refactor JSS and offer richer
interfaces.
thanks,
Christina
Ade
On Thu, 2013-04-11 at 11:35 -0400, Ade Lee wrote:
> ACK
>
> On Wed, 2013-04-10 at 21:05 -0700, Christina Fu wrote:
>> Please review the following patch for
>> https://bugzilla.redhat.com/show_bug.cgi?id=928680
>>
>> https://bugzilla.redhat.com/attachment.cgi?id=733986&action=diff&...
>>
>> Please note that the 1st reported issue regarding trust bits was
>> pre-existing with RSA, so it is not specific to ECC.
>>
>> thanks,
>> Christina
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel