Skip to content

Replace conflicting nssdb objects #695

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
areed merged 3 commits into from
Feb 10, 2025
Merged

Replace conflicting nssdb objects #695

areed merged 3 commits into from
Feb 10, 2025

Conversation

@areed
Copy link
Contributor

@areed areed commented Feb 7, 2025
edited
Loading

When importing certificates and keys into an NSS db replace any with a conflicting CKA_ID, which holds the certs subject key id.

Add new DeleteCertificatesByName command to clean up certificates and their keys by nickname.

Also fix bug with generating initialization vector for aes256-cbc. Also fix pk1sign test that allowed bug to go undetected.

💔Thank you!

@areed
Replace conflicting nssdb objects
632c7e7 
When importing certificates and keys into an NSS db replace any with a
conflicting CKA_ID, which holds the certs subject key id.

Also fix bug with generating initialization vector for aes256-cbc.
Also fix pk1sign test that allowed bug to go undetected.
areed
areed commented Feb 7, 2025
View reviewed changes
@areed areed requested a review from maraino February 7, 2025 03:34
maraino
maraino requested changes Feb 7, 2025
View reviewed changes
Copy link
Contributor

@maraino maraino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Deleting objects is always dangerous, I think we should consider what the NSS tools do in those cases.

To me, it should be an option of the user, in this case, by the application using this package. But it would be ok, if that is the behavior used by the default tools used to manage those databases.

@areed areed requested a review from maraino February 9, 2025 18:41
maraino
maraino approved these changes Feb 10, 2025
View reviewed changes
Copy link
Contributor

@maraino maraino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although the behavior of deleting objects is not ideal, I think it should be an option in the app using this, but as it's the default behavior in pk12util, let's go with this for now.

@areed areed merged commit 277e716 into master Feb 10, 2025
10 of 12 checks passed
@areed areed deleted the areed/nssdb-replace branch February 10, 2025 21:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@maraino maraino maraino approved these changes

Assignees

No one assigned

Labels

needs triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@areed @maraino