On Wed, May 29, 2013 9:11 pm, Yoshi Huang wrote: > On 05/28/2013 05:20 PM, Yoshi Huang wrote: > > Hi, > > Given that my PKCS 12 file doesn't contain any 'friendlyName' > > attribute in it, > > nor my certificate DB doesn't have any certificate which has the same > > subject name with my PKCS12. > > > > If I use Firefox to import my PKCS 12 file, the nickname would become > > "Imported Certificate # N", > > (By using certutil -L -d path to find out) > > > > On the other hand, > > if I use pk12util or Chromium to do that, it would show 'Certificate > > name' - 'Orginazation Name' . > > > > So my first question is why Firefox uses this 'Imported Certificate # > > N' pattern ? > Digging throught Bugzilla, this pattern is done in > https://bugzilla.mozilla.org/show_bug.cgi?id=94499 > And it was quite a long time ago. > > Although currently Firefox doesn't display nickname to users in PSM, > but in the near future, FirefoxOS (B2G) will need to display this > (nickname) to the user, > and also pass this information to other components > (A use case will be like Wifi for WPA/EAP, user is going to import the > certificate, and choose the imported > certificate by nickname in Wifi Enterprise config.. etc) > > Do you have any comment that we'd still keep this pattern (Imported > Certificate # N), > or any comment for creating a new default pattern which is more > user-friendly ? > > Thanks > > -- > Yoshi Huang, Mozilla Taiwan > allstars....@mozilla.com > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto >
Hi Yoshi, This is actually something I ran into recently while fixing a series of Chromium issues (eg: https://code.google.com/p/chromium/issues/detail?id=237870 ) It would actually be much more useful if the PCKS#12 functions had a more robust callback than currently implemented, so that PKCS#12 nicknames can be aligned with manually imported nicknames. This will require supplying the actual CERTCertificate* failing to import, rather than its nickname, so that a proper nickname can be generated. BTW, the Chromium PKCS#12 import is more akin to "a very buggy PSM" - so I wouldn't hold it up as much, at least until we fix this bug. This will solve both our problems. Cheers, Ryan -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
