Hi there,
I am writing to report some bugs. We found that the forge can accept the empty attributes in the issuer/subject. For example, if the issuer cert's subject field and entity cert's issuer field are CN=(null), and also, the forge chained them and returned true when using the provided API, which does not adhere to the related description in RFC 5280. And also, forge can also chain a pair of certificates without the issuer/subject field. That is, the full issuer/subject is NULL, but it can be parsed by the forge and chain them. We use the example in the following:
case 1: empty attribute
case 2: empty field(s)
The example code of the calling API is like this:
Looking forward to your reply. Many thanks
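The two cases in the report above can be screened before any name chaining is attempted. The following is an added example, not code from the report or from forge: it assumes names are plain objects shaped like `{ attributes: [{ shortName, value }] }`, and `nameProblem`, `checkNameChaining` and the sample names are hypothetical. It compares names by exact match, which is stricter than the RFC 5280 comparison rules.

```javascript
// Added example: reject unusable names before issuer/subject chaining.
// Assumption: a name is { attributes: [{ shortName | type, value }] }.

// Returns a reason string if the DN cannot be used for chaining, else null.
function nameProblem(name) {
  if (!name || !Array.isArray(name.attributes) || name.attributes.length === 0) {
    return 'empty distinguished name';            // case 2: empty field(s)
  }
  for (const attr of name.attributes) {
    if (typeof attr.value !== 'string' || attr.value.length === 0) {
      const id = attr.shortName || attr.type || '?';
      return 'empty value for attribute ' + id;   // case 1: empty attribute
    }
  }
  return null;
}

// Unambiguous form for comparison: ordered [type, value] pairs.
function canonical(name) {
  return JSON.stringify(
    name.attributes.map(a => [a.shortName || a.type, a.value]));
}

// Name-chaining gate only; signature verification is a separate step.
function checkNameChaining(parent, child) {
  const issuerProblem = nameProblem(child.issuer);
  if (issuerProblem) {
    return { ok: false, reason: 'child issuer: ' + issuerProblem };
  }
  const subjectProblem = nameProblem(parent.subject);
  if (subjectProblem) {
    return { ok: false, reason: 'parent subject: ' + subjectProblem };
  }
  if (canonical(parent.subject) !== canonical(child.issuer)) {
    return { ok: false, reason: 'issuer/subject mismatch' };
  }
  return { ok: true, reason: null };
}

// Constructed sample names (not the certificates from the report).
const emptyAttr = { attributes: [{ shortName: 'CN', value: '' }] };
const emptyName = { attributes: [] };
const goodName = { attributes: [{ shortName: 'CN', value: 'Example CA' }] };

console.log(checkNameChaining({ subject: emptyAttr }, { issuer: emptyAttr }));
console.log(checkNameChaining({ subject: emptyName }, { issuer: emptyName }));
console.log(checkNameChaining({ subject: goodName }, { issuer: goodName }));
```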