Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 1167427

Summary: Importing an RSA private key fails if p < q [rhel-5]
Product: Red Hat Enterprise Linux 5 Reporter: Alicja Kario <hkario>
Component: nssAssignee: nss-nspr-maint <nss-nspr-maint>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 5.11CC: amarecek, emaldona, hkario, jrieden, kengert, ksrot, rrelyea
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: nss-3.18.0-1.el5_11 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 1150645 Environment:
Last Closed: 2017-04-18 22:02:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1150645, 1158159    
Bug Blocks:    

Description Alicja Kario 2014-11-24 17:53:30 UTC 
+++ This bug was initially created as a clone of Bug #1150645 +++

Description of problem: This problem was reprted upstream. For the original report see https://bugzilla.mozilla.org/show_bug.cgi?id=1049435#c0


Version-Release number of selected component (if applicable):

How reproducible: see above link

Steps to Reproduce: link anove

Actual results:
Following message will appear in dialog:
  The PKCS #12 operation failed for unknown reasons.
On the other hand,
* "openssl pkcs12" can extract key and certificates.
* "openssl verify" can verify signature in EE certificate.


Expected results:
Key and certificates should be imported.

Additional info:

From https://bugzilla.mozilla.org/show_bug.cgi?id=1049435#c42

The NSS change that broke this was in NSS 3.16.2. See
bug 1021102 and the two bugs named in bug 1021102 comment 0.
At that time I thought p > q was required, and any
incompatibility would be discovered quickly during testing
of mozilla-central nightly builds.
Comment 2 RHEL Program Management 2014-11-27 18:04:02 UTC 
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 6 Chris Williams 2017-04-18 22:02:28 UTC 
Red Hat Enterprise Linux 5 shipped it's last minor release, 5.11, on September 14th, 2014. On March 31st, 2017 RHEL 5 exited Production Phase 3 and entered Extended Life Phase. For RHEL releases in the Extended Life Phase, Red Hat  will provide limited ongoing technical support. No bug fixes, security fixes, hardware enablement or root-cause analysis will be available during this phase, and support will be provided on existing installations only.  If the customer purchases the Extended Life-cycle Support (ELS), certain critical-impact security fixes and selected urgent priority bug fixes for the last minor release will be provided.  For more details please consult the Red Hat Enterprise Linux Life Cycle Page:
https://access.redhat.com/support/policy/updates/errata

This BZ does not appear to meet ELS criteria so is being closed WONTFIX. If this BZ is critical for your environment and you have an Extended Life-cycle Support Add-on entitlement, please open a case in the Red Hat Customer Portal, https://access.redhat.com ,provide a thorough business justification and ask that the BZ be re-opened for consideration of an errata. Please note, only certain critical-impact security fixes and selected urgent priority bug fixes for the last minor release can be considered.