Bug 1146592
| Summary: | pk12util can't import pkcs12 file when it's generated via gnutls (importing an RSA private key fails if p < q) | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Aleš Mareček <amarecek> |
| Component: | nss | Assignee: | Elio Maldonado Batiz <emaldona> |
| Status: | CLOSED DUPLICATE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
| Severity: | urgent | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 7.0 | CC: | kengert, rrelyea, sforsber |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-10-09 20:33:07 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Aleš Mareček
2014-09-25 15:11:48 UTC
We do need to fix this, but it's not a regression in RHEL 7.0z: rpm -q nss nss-softokn nss-util nss-3.16.2-2.el7_0.x86_64 nss-softokn-3.16.2-1.el7_0.x86_64 nss-util-3.16.2-1.el7_0.x86_64 [bob@localhost ~]$ mkdir testdb [bob@localhost ~]$ certutil -N -d testdb Enter a password which will be used to encrypt your keys. The password should be at least 8 characters long, and should contain at least one non-alphabetic character. Enter new password: Re-enter password: [bob@localhost ~]$ pk12util -d testdb -i ca.p12 Enter password for PKCS12 file: pk12util: no nickname for cert in PKCS12 file. pk12util: using nickname: ca.example.com - Unspecified pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key. [bob@localhost ~]$ which pk12util /usr/bin/pk12util [bob@localhost ~]$ ldd `which pk12util` linux-vdso.so.1 => (0x00007fffa66fb000) libssl3.so => /lib64/libssl3.so (0x00007f12ec815000) libsmime3.so => /lib64/libsmime3.so (0x00007f12ec5ee000) libnss3.so => /lib64/libnss3.so (0x00007f12ec2c8000) libnssutil3.so => /lib64/libnssutil3.so (0x00007f12ec09c000) libplc4.so => /lib64/libplc4.so (0x00007f12ebe97000) libplds4.so => /lib64/libplds4.so (0x00007f12ebc92000) libnspr4.so => /lib64/libnspr4.so (0x00007f12eba54000) libsoftokn3.so => /lib64/libsoftokn3.so (0x00007f12eb815000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f12eb5f8000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f12eb3f4000) libc.so.6 => /lib64/libc.so.6 (0x00007f12eb033000) libz.so.1 => /lib64/libz.so.1 (0x00007f12eae1c000) librt.so.1 => /lib64/librt.so.1 (0x00007f12eac14000) libsqlite3.so.0 => /lib64/libsqlite3.so.0 (0x00007f12ea95e000) /lib64/ld-linux-x86-64.so.2 (0x00007f12eca6a000) I suppose the "ca.p12" file is the one I sent? It should be attached probably (or mechanism how to generate it). See Bug 1150645 Marking as a duplicate of bug 1150645, as suggested by Bob. This makes sense, because this bug is a "nss" component bug, the other one is an "nss-softokn" component bug - where the problem resides. The other bug already has some approvals. Can you please copy over relevant test information? We believe this is the same scenario. Thank you. *** This bug has been marked as a duplicate of bug 1150645 *** |