Open andreasley opened 1 month ago
Thanks for filing this! You're right that we don't seem to be doing what OpenSSL expects, but I don't think this is a swift-asn1 bug. I think this is an issue in the way we serialize this specific field. I know what we're doing differently, but I'm doing a bit of digging to try to work out why we're doing it differently.
Ok so I've got this, the issue here is the implicit tagging of general name. I think I have a fix in flight but it's triggering a bit of a weird Swift behaviour, so I'm going to chat with the Swift team quickly to work out how we could work around it.
Commit hash: d93756ba92cde1891de0f433884a7b197bb28d4b
I'm trying to create a
Certificate
that is signed by a (pre-existing, imported) CA certificate. To make a valid chain, I'm specifying an Authority Key Identifier for the newCertificate
by passing the CA certificate's issuer as aDistinguishedName
into aGeneralName.directoryName
.The resulting certificate is malformed, which is clearly visible when analyzing it with the following command:
$ openssl x509 -in /path/to/generated/cert.pem -text -noout
Actual output (varies with each generation!):
Expected output:
I suspect the problem could originate in swift-asn1 (maybe here?).
Minimal reproducible example:
Technical details:
$ swift --version swift-driver version: 1.90.11.1 Apple Swift version 5.10 (swiftlang-5.10.0.13 clang-1500.3.9.4) Target: arm64-apple-macosx14.0
Operating system: macOS 14.5
$ uname -a Darwin Kernel Version 23.5.0: Wed May 1 20:12:58 PDT 2024; root:xnu-10063.121.3~5/RELEASE_ARM64_T6000 arm64