Open gaetanww opened 2 years ago
I ran into this same issue and see this as a split of responsibility between this library and the application using it. Meaning something should account for all of the critical extensions but it doesn't need to be this library alone. Maybe critical-but-unhandled extensions could be signaled to the application rather than causing a hard failure like this.
Yes, that's a good idea. Maybe it should keep validating the certificate chain and raise an exception at the end to allow the application to catch it and sort it out if needed/possible?
I ran into the following error:
The path could not be validated because the end-entity certificate contains the following unsupported critical extension: subject_alt_name
The SubjectAltName extension must be critical if the Subject field is empty (RFC). It is often critical for non-TLS certificates, for example TPM Endorsement Key certificates.
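The behaviour discussed above (collect critical extensions the validator does not understand, finish the other checks, then raise once so the application can decide), as an added example that is not the library's own code. It uses the `cryptography` package to build a constructed end-entity certificate with an empty Subject and a critical SAN, exactly the shape that triggered the error in this thread. The set of "handled" extensions, the `validate_end_entity` function and the `app_accepts` policy are hypothetical illustrations, not the library's API.

```python
"""Added example: report unhandled critical extensions instead of hard-failing.

Not the library's code. Assumes the `cryptography` package. The certificate
is constructed here for the demonstration: EC key, empty Subject, critical
SubjectAltName (required by RFC 5280 4.1.2.6 when Subject is empty).
"""
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID

# Critical extensions this hypothetical validator knows how to evaluate.
# SubjectAltName is deliberately missing to reproduce the thread's situation.
HANDLED_CRITICAL = frozenset({
    ExtensionOID.BASIC_CONSTRAINTS,
    ExtensionOID.KEY_USAGE,
    ExtensionOID.EXTENDED_KEY_USAGE,
    ExtensionOID.NAME_CONSTRAINTS,
    ExtensionOID.POLICY_CONSTRAINTS,
    ExtensionOID.CERTIFICATE_POLICIES,
    ExtensionOID.INHIBIT_ANY_POLICY,
})

SAN_OID = ExtensionOID.SUBJECT_ALTERNATIVE_NAME.dotted_string  # "2.5.29.17"


class UnhandledCriticalExtensions(Exception):
    """Raised at the end of validation; carries the dotted OIDs left over."""

    def __init__(self, oids):
        self.names = list(oids)
        super().__init__("unsupported critical extension(s): " + ", ".join(self.names))


def build_cert(empty_subject: bool) -> x509.Certificate:
    """Constructed test certificate (not a real one). The SAN is marked
    critical only when the Subject is empty, as RFC 5280 requires."""
    key = ec.generate_private_key(ec.SECP256R1())
    issuer = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Test Issuer")])
    subject = x509.Name([]) if empty_subject else x509.Name(
        [x509.NameAttribute(NameOID.COMMON_NAME, "example.test")])
    now = datetime.now(timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=1))
        .not_valid_after(now + timedelta(days=1))
        .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
        .add_extension(x509.SubjectAlternativeName([x509.DNSName("example.test")]),
                       critical=empty_subject)
    )
    return builder.sign(key, hashes.SHA256())


def unhandled_critical_extensions(cert, handled=HANDLED_CRITICAL):
    """Dotted OIDs of critical extensions the validator cannot process.
    Unknown non-critical extensions may be ignored (RFC 5280 4.2)."""
    return [ext.oid.dotted_string for ext in cert.extensions
            if ext.critical and ext.oid not in handled]


def validate_end_entity(cert, handled=HANDLED_CRITICAL):
    """Proposed flow: run the checks we do understand first, then raise once
    for everything critical that was not handled, so the caller gets the
    full picture rather than an early abort on the first unknown OID."""
    bc = cert.extensions.get_extension_for_class(x509.BasicConstraints).value
    if bc.ca:
        raise ValueError("end-entity certificate asserts cA=TRUE")
    leftovers = unhandled_critical_extensions(cert, handled)
    if leftovers:
        raise UnhandledCriticalExtensions(leftovers)
    return True


def app_accepts(cert):
    """Application-side half of the split responsibility: accept a critical
    SAN only when the Subject is empty and a SAN is actually present."""
    try:
        return validate_end_entity(cert)
    except UnhandledCriticalExtensions as exc:
        if set(exc.names) != {SAN_OID} or len(cert.subject) != 0:
            return False
        cert.extensions.get_extension_for_class(x509.SubjectAlternativeName)
        return True


if __name__ == "__main__":
    print(unhandled_critical_extensions(build_cert(empty_subject=True)))
    print(app_accepts(build_cert(empty_subject=True)))
```

`app_accepts` shows the application taking over the decision the library declined to make: it only waives the SAN leftover, and only in the empty-Subject case the RFC describes; any other unhandled critical extension still rejects the certificate.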