Open sunmy2019 opened 4 months ago
PKCS#12 format required by openssl 1.1.1 and openssl 3.0 (PKCS12_parse) is different. https://github.com/openssl/openssl/issues/6698
openssl 1.1.1
openssl 3.0
PKCS12_parse
Format 1: openssl 1.1 required: CN = Leaf CN = Root CN = CA #2 CN = CA #1
openssl 1.1
Format 2: openssl 3.0 required: CN = Leaf CN = CA #1 CN = CA #2 CN = Root
This causes compatibility issues in rust-native-rls. https://github.com/sfackler/rust-native-tls/issues/281
rust-native-rls
rust-native-tls officially supports Format 2, when used with openssl 1.1. And in practice, it also supports Format 1, when used with openssl 3.0.
rust-native-tls
Luckily, in our use cases, we only have Leaf and Root. Format 1 and Format 2 are the same. Our users are less likely to be affected.
This is a kind note for users with compatibility issues for PKCS#12.
PKCS#12 format required by
openssl 1.1.1andopenssl 3.0(PKCS12_parse) is different. https://github.com/openssl/openssl/issues/6698Format 1:
openssl 1.1required: CN = Leaf CN = Root CN = CA #2 CN = CA #1Format 2:
openssl 3.0required: CN = Leaf CN = CA #1 CN = CA #2 CN = RootThis causes compatibility issues in
rust-native-rls. https://github.com/sfackler/rust-native-tls/issues/281rust-native-tlsofficially supports Format 2, when used withopenssl 1.1. And in practice, it also supports Format 1, when used withopenssl 3.0.Luckily, in our use cases, we only have Leaf and Root. Format 1 and Format 2 are the same. Our users are less likely to be affected.
This is a kind note for users with compatibility issues for PKCS#12.