Closed gmpassos closed 2 years ago
Hi @gmpassos, it seems EMAIL was deprecated at 1.2.840.113549.1.9.1:
Hello @gmpassos. As @TMSantos mentioned, the email attribute is deprecated and some CAs do not accept it anymore.
Can you explain why you still need it?
I was looking for the documentation of X509Utils.generateRsaCsrPem
and could not find the attributes list. Then I went to Wikipedia.
Maybe we should fix the Wikipedia article...
@gmpassos even though this is deprecated, my client still requires it. I added this OID in a fork branch I have and it will work, if you are interested:
```yaml
pointycastle:
  git:
    url: https://github.com/TMSantos/pc-dart.git
    ref: email_oid
```
It will work with email; the DN attribute for the subject is 'E', and the identifier is as follows:
{ 'identifierString': '1.2.840.113549.1.9.1', 'readableName': 'E', 'identifier': [1, 2, 840, 113549, 1, 9, 1] }
(As you can see in the table below).
Final result:
Note: as many Dart libraries rely on pointycastle, you might need to add an override in pubspec.yaml:
```yaml
dependency_overrides:
  pointycastle:
    git:
      url: https://github.com/TMSantos/pc-dart.git
      ref: email_oid
```
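How the identifier `[1, 2, 840, 113549, 1, 9, 1]` quoted in the comment above ends up on the wire inside a subject DN, as an added example in plain Python (not code from this thread, basic_utils or pointycastle). The function names and the sample address are constructed for illustration; the value is encoded as an IA5String, which is the syntax PKCS #9 defines for emailAddress.

```python
# Added example: DER encoding of the emailAddress DN attribute.
EMAIL_OID = [1, 2, 840, 113549, 1, 9, 1]  # 'identifier' from the comment above

def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + der_len(len(value)) + value

def base128(n: int) -> bytes:
    """One OID arc: 7 bits per byte, high bit set on all but the last byte."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append(0x80 | (n & 0x7F))
        n >>= 7
    return bytes(reversed(out))

def encode_oid(arcs: list[int]) -> bytes:
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID arcs")
    body = base128(40 * arcs[0] + arcs[1])  # first two arcs share one value
    body += b"".join(base128(a) for a in arcs[2:])
    return tlv(0x06, body)

def decode_oid(der: bytes) -> list[int]:
    if der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OID")
    arcs, value = [], 0
    for b in der[2:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)
    return [first, arcs[0] - 40 * first] + arcs[1:]

def email_rdn(address: str) -> bytes:
    """RDN = SET { SEQUENCE { OID, IA5String } }; non-ASCII input raises."""
    atv = tlv(0x30, encode_oid(EMAIL_OID) + tlv(0x16, address.encode("ascii")))
    return tlv(0x31, atv)
```

Searching a DER-encoded CSR or certificate for the byte string `06 09 2a 86 48 86 f7 0d 01 09 01` is a quick way to check whether the subject still carries the deprecated attribute.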
I'm trying to integrate LetsEncrypt (acme_client) and shelf.
The problem now is how to load the SecurityContext, since it requires a PKCS12 certificate chain. But all that I have is in PEM:
Unhandled exception:
TlsException: Failure in useCertificateChainBytes (OS Error:
BAD_PKCS12_DATA(pkcs8_x509.c:645), errno = 0)
#0 _SecurityContext.useCertificateChainBytes (dart:io-patch/secure_socket_patch.dart:241:56)
#1 _SecurityContext.useCertificateChain (dart:io-patch/secure_socket_patch.dart:237:5)
Do you know how to generate a PKCS12 chain with a List of PEM strings?
It seems to be an open issue https://github.com/flutter/flutter/issues/39190 with the http library; maybe an alternative is to use HttpClient from Dart directly (dart:io), instead of http from Flutter.
@gmpassos for EMAIL thing, according to RFC, EMAIL is replaced by subjectAltName (and this one is already supported):
This package already supports converting a list of PEM to PKCS7. The next step would be to convert to PKCS12.
This is in the roadmap and I hope to implement it before the end of the year.
Hi,
Do you know how to generate a self-signed RSA certificate using this package?
This can be used for local tests
@gmpassos Not yet, this is another point on the roadmap. It should not be so complicated at all, but first I have to check some documentation and look how openssl behaves.
It's not much different from CSR
@gmpassos Check out #55 for the self-signing certificate feature! Maybe I can finish it next week.
https://github.com/Ephenodrom/Dart-Basic-Utils/blob/ab6efdf73baecef4cb07d6f4b26d31d53a70e5d7/lib/src/X509Utils.dart#L613
Attribute EMAIL is a valid one: https://en.wikipedia.org/wiki/Certificate_signing_request