Comments (3)
kinichiro
commented on June 2, 2024
1
X509_NAME_print() in crypto/asn1/t_x509.c appears to cause this issue.
It can handle upper cased 1 byte or 2bytes subject string only.
And man page says
The functions X509_NAME_oneline() and X509_NAME_print() are legacy
functions which produce a non-standard output form. They don't handle
multi-character fields and have various quirks and inconsistencies.
Their use is strongly discouraged in new applications.
from openbsd.
kinichiro
commented on June 2, 2024
I tried to see this issue.
At first, I generated private key and CSR by these commands.
$ openssl genpkey -algorithm RSA -out my.key
$ openssl req -new -key my.key -out my.csr \
-subj "/C=UK/L=London/O=Org/OU=Unit/CN=my.domain/[email protected]"
I checked subject of generated CSR by this commad,
and I confirmed emailAddress was merged into CN value.
$ openssl req -in my.csr -text -noout
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=UK, L=London, O=Org, OU=Unit, CN=my.domain/[email protected]
...
I also tried to parse CSR by perspective of ASN1 by this command,
and I found emailAddress was successfully separated from CN.
$ openssl asn1parse -in my.csr -inform PEM -dump
0:d=0 hl=4 l= 689 cons: SEQUENCE
4:d=1 hl=4 l= 409 cons: SEQUENCE
8:d=2 hl=2 l= 1 prim: INTEGER :00
11:d=2 hl=2 l= 108 cons: SEQUENCE
13:d=3 hl=2 l= 11 cons: SET
15:d=4 hl=2 l= 9 cons: SEQUENCE
17:d=5 hl=2 l= 3 prim: OBJECT :countryName
22:d=5 hl=2 l= 2 prim: PRINTABLESTRING :UK
26:d=3 hl=2 l= 15 cons: SET
28:d=4 hl=2 l= 13 cons: SEQUENCE
30:d=5 hl=2 l= 3 prim: OBJECT :localityName
35:d=5 hl=2 l= 6 prim: UTF8STRING :London
43:d=3 hl=2 l= 12 cons: SET
45:d=4 hl=2 l= 10 cons: SEQUENCE
47:d=5 hl=2 l= 3 prim: OBJECT :organizationName
52:d=5 hl=2 l= 3 prim: UTF8STRING :Org
57:d=3 hl=2 l= 13 cons: SET
59:d=4 hl=2 l= 11 cons: SEQUENCE
61:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
66:d=5 hl=2 l= 4 prim: UTF8STRING :Unit
72:d=3 hl=2 l= 18 cons: SET
74:d=4 hl=2 l= 16 cons: SEQUENCE
76:d=5 hl=2 l= 3 prim: OBJECT :commonName
81:d=5 hl=2 l= 9 prim: UTF8STRING :my.domain
92:d=3 hl=2 l= 27 cons: SET
94:d=4 hl=2 l= 25 cons: SEQUENCE
96:d=5 hl=2 l= 9 prim: OBJECT :emailAddress
107:d=5 hl=2 l= 12 prim: IA5STRING :[email protected]
121:d=2 hl=4 l= 290 cons: SEQUENCE
125:d=3 hl=2 l= 13 cons: SEQUENCE
127:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
138:d=4 hl=2 l= 0 prim: NULL
140:d=3 hl=4 l= 271 prim: BIT STRING
...
I could not get an answer yet, though, this issue might just a subject display probrem.
from openbsd.
kinichiro
commented on June 2, 2024
@Gisleburt Can you close this issue ?
from openbsd.
Related Issues (20)
- Is libressl compatible with Linux? HOT 2
- curl-7.73.0 w/ libressl-3.2.2 leaks memory HOT 11
- tls_keypair_load_cert() fail but return no error HOT 2
- SSL_CTX_{g,s}et_security_level HOT 3
- Any possibility of creating a ruby gem for this project? HOT 1
- Inconsistent cert verification errors returned between TLS 1.2 and 1.3 HOT 6
- License information not available HOT 1
- one bug
- stack-buffer-overflow in function x509_constraints_parse_mailbox HOT 2
- TLS 1.3 decrypting support
- SIGSEGV occurred in EVP_MD_CTX_cleanup() immediately after malloc() returned NULL in pkey_hmac_init(). HOT 3
- Missing DSA_meth_set1_name HOT 2
- URI Checks are too strict in subject alt name HOT 2
- netcat may read from invalid file descriptors
- libtls: make the TLS_EOF_NO_CLOSE_NOTIFY bit user-visible
- stack-buffer-overflow(max 5byte) in print_bin() when indent is specified as 124 or more
- SIGSEGV occurs if memory allocation fails in ssl3_setup_init_buffer() called by tls13_use_legacy_stack() when downgrading from TLS1.3. HOT 4
- SSL_get{_peer,}_signature_type_nid implemented but not exported HOT 1
- Compat: Ability to compile without IPv6 support HOT 2
- EVP_get_cipherbynid/EVP_get_digestbynid when given an invalid ID/EVP_get_digestbyname segfaults with NULL argument HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openbsd.