Closed IsaacCalligeros95 closed 3 months ago
Release Note: Fixed an issue where certificate metadata validation returns a byte array and throws an exception when using non string inputs like otherName.1 = 1.3.6.1.4.1.111.20.2.3;UTF8:<mailto:0111111111@test.gov|0111111111@test.gov>
:tada: The fix for this issue has been released in:
Release stream | Release |
---|---|
2024.1 | 2024.1.12849 |
2024.2 | 2024.2.9206 |
2024.3 | 2024.3.3183 |
2024.4+ | all releases |
Severity
Sev 2
Version
All, Latest
Latest Version
None
What happened?
Importing certificates with non-standard SAN values like
1.3.6.1.4.1.111.20.2.3;UTF8:0111111111@test.gov
failReproduction
openssl genrsa -out ca.key 2048
openssl req -new -sha256 -key ca.key -out ca.csr -config csr.conf
openssl x509 -req -sha256 -days 730 -in ca.csr -signkey ca.key -out ca.crt
openssl genrsa -out server.key 2048
openssl req -new -sha256 -key server.key -out server.csr -config csr.conf
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3650 -sha256 -extfile cert.conf
openssl x509 -inform pem -in server.crt -outform der -out san_certificate.der
Import the certificate into Octopus.
Error and Stacktrace
More Information
No response
Workaround
No response