Open tlhackque opened 2 months ago
I have modified your patch and sent a PR that outputs:
$VAR1 = [
{
"dNSName" => "example.net"
},
{
"iPAddress" => "192.0.0.1"
},
{
"iPAddress" => "192.0.0.2"
},
{
"iPAddress" => "2001:db8:123:0:0:0:0:4"
},
{
"iPAddress" => "2001:2b8:123:0:0:0:0:5"
}
];
Description
IP addresses can be encoded in subjectAltNames, but are in a binary format where distinguishing IPv4 from IPv6 requires using the value's length.
This isn't convenient, especially for humans.
Expected behaviour
The decoding should be done by Crypt::OpenSSL::X509. A sample certificate with ipAddresses is attached.
Actual behaviour
Binary, as described.
Attached patch incorporates #116 and provides a both formats:
ipAddress
andipAddress_txt
, so it is compatible with any existing users of the binary format.The text format for IPv6 does not use compression (to produce the short - :: - form). There are many utilities (such as Net::IP) that can do that, and the uncompressed form is legal.
Step by step guide to reproducing the issue
Attached files Crypt_OpenSSL_X509_subjectaltnameIP.patch
ipacert.pem