Closed pki-bot closed 3 years ago
Comment from awnuk (@awnuk) at 2013-06-25 01:51:39
Added UTF8 to default encoding order:
git push
Counting objects: 17, done.
Compressing objects: 100% (9/9), done.
Writing objects: 100% (9/9), 712 bytes, done.
Total 9 (delta 7), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/pki.git
f5db517..a80cb95 master -> master
Comment from awnuk (@awnuk) at 2013-07-09 19:37:01
Dogtag CA complies with standards by evaluating issuer and subject names in their canonical forms. Unfortunately, most cryptographic libraries validate certificates by processing encoded names instead of names in their canonical forms. This information has been confirmed with our crypto group. Lack of proper name processing by cryptographic libraries during certificate validation resulted in the CA cross-signing issue reported above.
To solve this issue, Dogtag CA has two options:
Dogtag CA:
The solution to the CA cross-signing issue will be based on:
A new solution has to be built in case a profile plug-in preserving the subject name with its encoding cannot be developed.
Comment from awnuk (@awnuk) at 2013-08-29 00:24:51
Here are steps to test this feature:
dumpcryptomilk1 cert-111.bin
0 896: SEQUENCE {
4 616: SEQUENCE {
8 3: [0] {
10 1: INTEGER 2
: }
13 1: INTEGER 8
16 13: SEQUENCE {
18 9: OBJECT IDENTIFIER '1 2 840 113549 1 1 11'
29 0: NULL
: }
31 71: SEQUENCE {
33 36: SET {
35 34: SEQUENCE {
37 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
42 27: UTF8String 'example.com Security Domain'
: }
: }
71 31: SET {
73 29: SEQUENCE {
75 3: OBJECT IDENTIFIER commonName (2 5 4 3)
80 22: UTF8String 'CA Signing Certificate'
: }
: }
: }
104 30: SEQUENCE {
106 13: UTCTime 16/08/2013 19:53:07 GMT
121 13: UTCTime 06/08/2015 19:53:07 GMT
: }
136 41: SEQUENCE {
138 11: SET {
140 9: SEQUENCE {
142 3: OBJECT IDENTIFIER organizationName (2 5 4 10)
147 2: PrintableString 'cc'
: }
: }
151 13: SET {
153 11: SEQUENCE {
155 3: OBJECT IDENTIFIER organizationalUnitName (2 5 4 11)
160 4: BMPString 'bb'
: }
: }
166 11: SET {
168 9: SEQUENCE {
170 3: OBJECT IDENTIFIER commonName (2 5 4 3)
175 2: UTF8String 'aa'
: }
: }
: }
. . .
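The two comments above describe a mismatch between two ways of comparing X.500 names: Dogtag CA compares issuer and subject in canonical form, while the crypto libraries compare the encoded bytes, so a name stored as PrintableString/BMPString/UTF8String (as in the subject of the dump above) and the same name re-encoded as all UTF8String do not chain. The following is an added example, not code from the pki project or from the commenter, that builds both encodings of the subject shown in the dump and runs both comparisons. It assumes a hand-written DER encoder/decoder (no library), that the re-encoded all-UTF8String form is what an issuer field would carry if the encoding were not preserved, and a deliberately simplified canonical form (NFKC, whitespace collapse, case-fold) standing in for the full LDAP StringPrep rules of RFC 5280 section 7.1 / RFC 4518.

```python
# Added example (not Dogtag/pki code): compare two DER-encoded Names
# (a) byte-for-byte, as the comment says most crypto libraries do, and
# (b) after reducing each attribute value to a canonical form, as the
# comment says Dogtag CA does. Canonicalisation here is an assumption:
# a simplified approximation of LDAP StringPrep, not a full implementation.
import unicodedata

# Attribute type OIDs as DER content bytes.
OID_O = bytes.fromhex("55040a")   # 2.5.4.10 organizationName
OID_OU = bytes.fromhex("55040b")  # 2.5.4.11 organizationalUnitName
OID_CN = bytes.fromhex("550403")  # 2.5.4.3  commonName

TAG_UTF8, TAG_PRINTABLE, TAG_BMP = 0x0C, 0x13, 0x1E
TAG_OID, TAG_SEQ, TAG_SET = 0x06, 0x30, 0x31
CODECS = {TAG_UTF8: "utf-8", TAG_PRINTABLE: "ascii", TAG_BMP: "utf-16-be"}


def tlv(tag, body):
    """DER tag-length-value, definite length (short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def encode_name(avas):
    """avas: [(oid_bytes, string_tag, text)], one single-valued RDN each."""
    rdns = b"".join(
        tlv(TAG_SET, tlv(TAG_SEQ, tlv(TAG_OID, oid) + tlv(tag, text.encode(CODECS[tag]))))
        for oid, tag, text in avas)
    return tlv(TAG_SEQ, rdns)


def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the element starting at buf[pos]."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def expect(tag, want):
    if tag != want:
        raise ValueError("expected tag 0x%02x, got 0x%02x" % (want, tag))


def decode_name(der):
    """Parse a DER Name into [[(oid_bytes, string_tag, text), ...], ...]."""
    tag, body, _ = read_tlv(der, 0)
    expect(tag, TAG_SEQ)
    name, pos = [], 0
    while pos < len(body):
        stag, sbody, pos = read_tlv(body, pos)
        expect(stag, TAG_SET)
        rdn, spos = [], 0
        while spos < len(sbody):
            atag, abody, spos = read_tlv(sbody, spos)
            expect(atag, TAG_SEQ)
            otag, oid, vpos = read_tlv(abody, 0)
            expect(otag, TAG_OID)
            vtag, val, _ = read_tlv(abody, vpos)
            if vtag not in CODECS:
                raise ValueError("unsupported string type 0x%02x" % vtag)
            rdn.append((oid, vtag, val.decode(CODECS[vtag])))
        name.append(rdn)
    return name


def canonical_value(text):
    """NFKC, collapse insignificant whitespace, case-fold (approximation)."""
    return " ".join(unicodedata.normalize("NFKC", text).split()).casefold()


def canonical_name(der):
    """Encoding-independent form: string tags dropped, values canonicalised."""
    return [sorted((oid, canonical_value(v)) for oid, _t, v in rdn)
            for rdn in decode_name(der)]


def names_match_binary(a, b):
    """The encoded-bytes comparison the comment attributes to crypto libraries."""
    return a == b


def names_match_canonical(a, b):
    """The canonical-form comparison the comment attributes to Dogtag CA."""
    return canonical_name(a) == canonical_name(b)


# Constructed sample: the subject from the dump above, with the string
# types the CA actually emitted (PrintableString, BMPString, UTF8String)...
SUBJECT_AS_ISSUED = encode_name([
    (OID_O, TAG_PRINTABLE, "cc"), (OID_OU, TAG_BMP, "bb"), (OID_CN, TAG_UTF8, "aa")])
# ...and the same name re-encoded from canonical form as all UTF8String
# (assumed here to be what an issuer field carries when encoding is lost).
SUBJECT_REENCODED = encode_name([
    (OID_O, TAG_UTF8, "cc"), (OID_OU, TAG_UTF8, "bb"), (OID_CN, TAG_UTF8, "aa")])

if __name__ == "__main__":
    print("binary match:   ", names_match_binary(SUBJECT_AS_ISSUED, SUBJECT_REENCODED))
    print("canonical match:", names_match_canonical(SUBJECT_AS_ISSUED, SUBJECT_REENCODED))
```

Running it prints a binary match of False and a canonical match of True for the same logical name, which is exactly the disagreement the comment describes: a library that chains on the encoded issuer bytes cannot find the CA certificate that Dogtag, comparing canonically, considers the issuer. The encoder reproduces the 41-byte subject SEQUENCE shown at offset 136 of the dump, so the bytes can be checked against it directly.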
Comment from awnuk (@awnuk) at 2013-08-30 00:43:54
Tickets 676, 677, 681, and 682 are completed.
Comment from edewata (@edewata) at 2017-02-02 21:09:42
Here's the change in master:
Comment from nkinder (@nkinder) at 2017-02-27 14:08:27
Metadata Update from @nkinder:
This issue was migrated from Pagure Issue #448. Originally filed by nkinder (@nkinder) on 2012-12-10 23:02:51:
https://bugzilla.redhat.com/show_bug.cgi?id=883122 (Red Hat Certificate System)