The parser implementation didn't work for CSR's containing a second attribute. The parser function was re-implemented and should work now according to RFC 2986, section 4.1, which defines multiple attributes:
CertificationRequestInfo ::= SEQUENCE {
version INTEGER { v1(0) } (v1,...),
subject Name,
subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},
attributes [0] Attributes{{ CRIAttributes }}
}
SubjectPublicKeyInfo { ALGORITHM : IOSet} ::= SEQUENCE {
algorithm AlgorithmIdentifier {{IOSet}},
subjectPublicKey BIT STRING
}
PKInfoAlgorithms ALGORITHM ::= {
... -- add any locally defined algorithms here -- }
Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}
CRIAttributes ATTRIBUTE ::= {
... -- add any locally defined attributes here -- }
Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {
type ATTRIBUTE.&id({IOSet}),
values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})
}
Special thanks to my rubber duck debugger @fzpp, who gave crucial hints.
chifflier
commented
1 year ago
The parser implementation didn't work for CSR's containing a second attribute. The parser function was re-implemented and should work now according to RFC 2986, section 4.1, which defines multiple attributes:
Special thanks to my rubber duck debugger @fzpp, who gave crucial hints.