[SERVER-14735] We need to handle emailAddress in X509 subject Created: 30/Jul/14 Updated: 05/Sep/14 Resolved: 01/Aug/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Alexander Komyagin | Assignee: | Spencer Jackson |
| Resolution: | Cannot Reproduce | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
|||||||
| Operating System: | ALL | |||||||
| Steps To Reproduce: |
|
|||||||
| Participants: | ||||||||
| Description |
|
From RFC the usage of field is deprecated but permitted. See end of chapter 4.1.2.6 Subject from ( http://www.ietf.org/rfc/rfc5280.txt )
Right now emailAddress presence breaks X509 auth |
| Comments |
| Comment by Alexander Komyagin [ 01/Aug/14 ] | ||
|
Could not reproduce with OpenSSL 1.0.1h-fips 5 Jun 2014. (Amazon AMI). | ||
| Comment by Alexander Komyagin [ 31/Jul/14 ] | ||
|
Just generate a certificate with openssl and provide the email field:
The subject will be
I emailed openssl mailing list to see if there are suggestions, and I'm also not sure why "/" is there. -Alex |