Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NSS does not like colons in token label #2725

Closed
Jakuje opened this issue Mar 6, 2023 · 1 comment · Fixed by #2760
Closed

NSS does not like colons in token label #2725

Jakuje opened this issue Mar 6, 2023 · 1 comment · Fixed by #2760

Comments

@Jakuje
Copy link
Member

Jakuje commented Mar 6, 2023

Problem Description

I was made aware of the following NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=1817553 with new CAC cards containing colons in CN of certificates, which is being propagated to the token labels.

From there the NSS composes the certificate "nicknames" in format of "token label":"certificate label" and depends on the "token label" not having any colons in it.

Proposed Resolution

We are discussing some workarounds in NSS, but other option might be to provide a bit more flexibility using configuration options (on NSS quirks similar to #2681) to either replace colons from CN or use more generic "Common Access Card" or something.

Steps to reproduce

  • Have a card with token name containing colon
  • Try to add it and use it from Firefox/Thunderbird or any NSS application

Logs

no logs available
@mouse07410
Copy link
Contributor

Replacing colons with e.g. "_" seems the best. Using more generic "CAC" instead seems acceptable, though not as good.

Jakuje added a commit to Jakuje/OpenSC that referenced this issue Apr 24, 2023
@Jakuje
pkcs11: Do not use colons in the token info label
6f20995 
The NSS can not handle tokens with colons in token info labels because
it is using colon as a separator for token info label and object label.

Fixes: OpenSC#2725

More information available in the following SS bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1817553
Jakuje added a commit to Jakuje/OpenSC that referenced this issue Apr 24, 2023
@Jakuje
pkcs11: Do not use colons in the token info label
713534b 
The NSS can not handle tokens with colons in token info labels because
it is using colon as a separator for token info label and object label.

Fixes: OpenSC#2725

More information available in the following SS bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1817553
@Jakuje Jakuje mentioned this issue Apr 24, 2023
Merged
5 tasks
Jakuje added a commit to Jakuje/OpenSC that referenced this issue Apr 24, 2023
@Jakuje
pkcs11: Do not use colons in the token info label
bb1d9f7 
The NSS can not handle tokens with colons in token info labels because
it is using colon as a separator for token info label and object label.

Fixes: OpenSC#2725

More information available in the following SS bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1817553
Jakuje added a commit to Jakuje/OpenSC that referenced this issue Apr 25, 2023
@Jakuje
pkcs11: Do not use colons in the token info label
66afffc 
The NSS can not handle tokens with colons in token info labels because
it is using colon as a separator for token info label and object label.

Fixes: OpenSC#2725

More information available in the following SS bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1817553
Jakuje added a commit to Jakuje/OpenSC that referenced this issue Apr 26, 2023
@Jakuje
pkcs11: Do not use colons in the token info label
14381dd 
The NSS can not handle tokens with colons in token info labels because
it is using colon as a separator for token info label and object label.

Fixes: OpenSC#2725

More information available in the following NSS bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1817553
frankmorgner pushed a commit that referenced this issue Apr 28, 2023
@Jakuje @frankmorgner
pkcs11: Do not use colons in the token info label
34d1b06 
The NSS can not handle tokens with colons in token info labels because
it is using colon as a separator for token info label and object label.

Fixes: #2725

More information available in the following NSS bug:

https://bugzilla.mozilla.org/show_bug.cgi?id=1817553
@krbvroc1 krbvroc1 mentioned this issue May 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

pkcs11: Do not use colons in the token info label Jakuje/OpenSC
2 participants
@Jakuje @mouse07410