Ephenodrom / Dart-Basic-Utils

A dart package for many helper methods fitting common situations
MIT License

CSR attribute EMAIL is missing. #52

Closed gmpassos closed 2 years ago

gmpassos commented 2 years ago

https://github.com/Ephenodrom/Dart-Basic-Utils/blob/ab6efdf73baecef4cb07d6f4b26d31d53a70e5d7/lib/src/X509Utils.dart#L613

Attribute EMAIL is a valid one: https://en.wikipedia.org/wiki/Certificate_signing_request

TMSantos commented 2 years ago

Hi @gmpassos, it seems EMAIL was deprecated at 1.2.840.113549.1.9.1: [screenshot]

Ephenodrom commented 2 years ago

Hello @gmpassos, as @TMSantos mentioned, the email attribute is deprecated and some CAs don't accept it anymore.

Can you explain why you still need it?

gmpassos commented 2 years ago

I was looking for the documentation of X509Utils.generateRsaCsrPem and could not find the attributes list. Then I went to Wikipedia.

Maybe we should fix the Wikipedia article...

TMSantos commented 2 years ago

@gmpassos even though this is deprecated, my client still requires it. I added this OID in a fork branch I have and it will work, if you are interested:

```yaml
pointycastle:
  git:
    url: https://github.com/TMSantos/pc-dart.git
    ref: email_oid
```

It will work with email; the DN attribute for the subject is 'E', and the identifier is as follows:

```dart
{
  'identifierString': '1.2.840.113549.1.9.1',
  'readableName': 'E',
  'identifier': [1, 2, 840, 113549, 1, 9, 1]
}
```

(As you can see in the table below.)

Final result: [screenshot]

Note: as many Dart libraries rely on pointycastle, you might need to add an override in pubspec.yaml:

```yaml
dependency_overrides:
  pointycastle:
    git:
      url: https://github.com/TMSantos/pc-dart.git
      ref: email_oid
```

gmpassos commented 2 years ago

I'm trying to integrate LetsEncrypt (acme_client) and shelf.

The problem now is how to load the SecurityContext, since it requires a PKCS12 certificate chain. But all that I have is in PEM:

```
Unhandled exception:
TlsException: Failure in useCertificateChainBytes (OS Error: 
    BAD_PKCS12_DATA(pkcs8_x509.c:645), errno = 0)
#0      _SecurityContext.useCertificateChainBytes (dart:io-patch/secure_socket_patch.dart:241:56)
#1      _SecurityContext.useCertificateChain (dart:io-patch/secure_socket_patch.dart:237:5)
```

Do you know how to generate a PKCS12 chain with a List of PEM strings?

TMSantos commented 2 years ago

It seems to be an open issue (https://github.com/flutter/flutter/issues/39190) with the http library; maybe an alternative is to use HttpClient from Dart directly (dart:io) instead of http from Flutter.

@gmpassos for the EMAIL thing, according to the RFC, EMAIL is replaced by subjectAltName (and this one is already supported): [image]
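A defender-side check for the point made in this comment and in the earlier one that lists the identifier: the following is an added example, not code from this thread or from the basic_utils or pointycastle projects. It DER-encodes the emailAddress OID from its dotted form and walks a CSR's subject Name to flag requests that still carry the deprecated attribute instead of a subjectAltName; the CSR bytes are a constructed skeleton with empty key and signature placeholders, so only the subject parsing is exercised.

```python
EMAIL_OID = "1.2.840.113549.1.9.1"  # PKCS#9 emailAddress, the 'E' attribute discussed in the thread

def tlv(tag, body):
    # DER tag + length; short form only (enough for the sample below), walk() reads both forms
    assert len(body) < 0x80
    return bytes([tag, len(body)]) + body

def encode_oid(dotted):
    # DER OBJECT IDENTIFIER from dotted form (base-128 arcs, high bit set on continuation bytes)
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc >> 7:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body.extend(reversed(chunk))
    return tlv(0x06, bytes(body))

def walk(der):
    # Yield (tag, body) for every TLV in a DER constructed body, short or long length form
    i = 0
    while i < len(der):
        tag, n, i = der[i], der[i + 1], i + 2
        if n & 0x80:
            k = n & 0x7F
            n, i = int.from_bytes(der[i:i + k], "big"), i + k
        yield tag, der[i:i + n]
        i += n

def subject_attr_oids(csr_der):
    # DER-encoded attribute type OIDs of the CSR subject Name, in order of appearance
    outer = next(walk(csr_der))[1]        # CertificationRequest body
    info = next(walk(outer))[1]           # CertificationRequestInfo body
    subject = list(walk(info))[1][1]      # fields: version, subject, spki, attributes
    return [tlv(0x06, next(walk(atv))[1])  # first element of each AttributeTypeAndValue
            for _, rdn_body in walk(subject) for _, atv in walk(rdn_body)]

def uses_deprecated_email(csr_der):
    # RFC 5280 puts e-mail in a subjectAltName rfc822Name; flag CSRs still using subject E
    return encode_oid(EMAIL_OID) in subject_attr_oids(csr_der)

def rdn(oid, value, tag):
    # One RelativeDistinguishedName: SET { SEQUENCE { OID, value } }
    return tlv(0x31, tlv(0x30, encode_oid(oid) + tlv(tag, value.encode())))

# Constructed sample CSR skeleton (not from the thread): CN + E subject, empty SPKI/signature placeholders
_subject = tlv(0x30, rdn("2.5.4.3", "example.test", 0x0C) + rdn(EMAIL_OID, "admin@example.test", 0x16))
_info = tlv(0x30, tlv(0x02, b"\x00") + _subject + tlv(0x30, b"") + tlv(0xA0, b""))
SAMPLE_CSR = tlv(0x30, _info + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

The same walk works on a real DER CSR (strip the PEM armour and base64-decode it first); a CA-side policy that rejects subject E and requires the address in the SAN can be built on `uses_deprecated_email`.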

Ephenodrom commented 2 years ago

This package already supports converting a list of PEMs to PKCS7. The next step would be to convert to PKCS12.

This is in the roadmap and I hope to implement it before the end of the year.

gmpassos commented 2 years ago

Hi,

Do you know how to generate a self-signed RSA certificate using this package?

This can be used for local tests.

Ephenodrom commented 2 years ago

@gmpassos Not yet, this is another point on the roadmap. It should not be so complicated at all, but first I have to check some documentation and look at how openssl behaves.

gmpassos commented 2 years ago

It's not much different from a CSR.

Ephenodrom commented 2 years ago

@gmpassos Check out #55 for the self-signing certificate feature! Maybe I can finish it next week.