Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Cannot Reproduce
Priority: Major - P3
Fix Version/s: None
Affects Version/s: None
Component/s: Security
Labels:
None

Operating System:
ALL

Steps To Reproduce:

Hide

        int cnBegin = peerSubjectName.find("CN=") + 3;
        int cnEnd = peerSubjectName.find(",", cnBegin);
        std::string commonName = peerSubjectName.substr(cnBegin, cnEnd-cnBegin);

        if (_hostNameMatch(remoteHost.c_str(), commonName.c_str())) {
            return peerSubjectName;
        }

Show

int cnBegin = peerSubjectName.find( "CN=" ) + 3; int cnEnd = peerSubjectName.find( "," , cnBegin); std::string commonName = peerSubjectName.substr(cnBegin, cnEnd-cnBegin); if (_hostNameMatch(remoteHost.c_str(), commonName.c_str())) { return peerSubjectName; }

CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

From RFC the usage of field is deprecated but permitted.

See end of chapter 4.1.2.6 Subject from ( http://www.ietf.org/rfc/rfc5280.txt )

Conforming implementations generating new certificates with
electronic mail addresses MUST use the rfc822Name in the subject
alternative name extension (Section 4.2.1.6) to describe such
identities. Simultaneous inclusion of the emailAddress attribute in
the subject distinguished name to support legacy implementations is
deprecated but permitted.

Right now emailAddress presence breaks X509 auth

Assignee:: Spencer Jackson
Reporter:: Alexander Komyagin (Inactive)
Participants:: Alexander Komyagin, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Jul 30 2014 09:59:42 PM UTC
Updated:: Sep 05 2014 03:14:15 PM UTC
Resolved:: Aug 01 2014 08:55:15 PM UTC

Details

Description

Attachments

Activity

People

Dates