  1. Core Server
  2. SERVER-14735

We need to handle emailAddress in X509 subject


Details

    • Type: Bug
    • Resolution: Cannot Reproduce
    • Priority: Major - P3
    • Security
    • ALL

              int cnBegin = peerSubjectName.find("CN=") + 3;
              int cnEnd = peerSubjectName.find(",", cnBegin);
              std::string commonName = peerSubjectName.substr(cnBegin, cnEnd-cnBegin);
       
              if (_hostNameMatch(remoteHost.c_str(), commonName.c_str())) {
                  return peerSubjectName;
              }


    Description

      According to the RFC, the usage of this field is deprecated but permitted.

      See the end of chapter 4.1.2.6, Subject, of http://www.ietf.org/rfc/rfc5280.txt

      Conforming implementations generating new certificates with
      electronic mail addresses MUST use the rfc822Name in the subject
      alternative name extension (Section 4.2.1.6) to describe such
      identities. Simultaneous inclusion of the emailAddress attribute in
      the subject distinguished name to support legacy implementations is
      deprecated but permitted.

      Right now emailAddress presence breaks X509 auth


          People

            spencer.jackson@mongodb.com Spencer Jackson
            alex.komyagin@mongodb.com Alexander Komyagin
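
An added example, not MongoDB's code and not part of the issue: instead of searching the subject string for the substring "CN=" and the next comma, this sketch splits the subject into RDNs and takes the value of the attribute whose type is exactly CN, so an emailAddress attribute or a CN in last position does not disturb the result. The helper names are hypothetical, the subject strings in its checks are constructed, and it assumes the comma-separated string form that the snippet's `find(",")` implies.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Split a comma-separated subject string into RDNs, honouring backslash escapes.
static std::vector<std::string> splitRdns(const std::string& dn) {
    std::vector<std::string> parts;
    std::string cur;
    for (std::size_t i = 0; i < dn.size(); ++i) {
        if (dn[i] == '\\' && i + 1 < dn.size()) {
            cur += dn[i];    // keep the escape pair; unescape() resolves it
            cur += dn[++i];
        } else if (dn[i] == ',') {
            parts.push_back(cur);
            cur.clear();
        } else {
            cur += dn[i];
        }
    }
    parts.push_back(cur);
    return parts;
}

// Resolve single-character backslash escapes (hex pairs and quoting not handled).
static std::string unescape(const std::string& v) {
    std::string out;
    for (std::size_t i = 0; i < v.size(); ++i) {
        if (v[i] == '\\' && i + 1 < v.size()) ++i;
        out += v[i];
    }
    return out;
}

// Hypothetical helper: true and *cn set only when an RDN whose attribute type
// is exactly "CN" exists; emailAddress and other attributes are skipped.
bool extractCommonName(const std::string& subject, std::string* cn) {
    for (const std::string& rdn : splitRdns(subject)) {
        std::size_t start = rdn.find_first_not_of(' ');
        std::size_t eq = rdn.find('=');
        if (start == std::string::npos || eq == std::string::npos) continue;
        std::string type = rdn.substr(start, eq - start);
        if (type.size() == 2 && std::toupper((unsigned char)type[0]) == 'C' &&
            std::toupper((unsigned char)type[1]) == 'N') {
            *cn = unescape(rdn.substr(eq + 1));
            return true;
        }
    }
    return false;
}
```

Where the parsed certificate is still available, reading the commonName entry through OpenSSL's `X509_NAME_get_index_by_NID` with `NID_commonName` avoids string parsing altogether.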