The DCL currently stores certificates in PEM format as character strings, including newline characters \n. When comparing certificates (i.e., validation of certificates when adding CRL Revocation Point), the presence or absence of a trailing newline can cause two otherwise identical certificates to be treated as different.
Recurrent Issue:
Certificates with a trailing newline at the end are considered different from those without, even if their content is identical.
This discrepancy can lead to issues when comparing certificates that are essentially the same but formatted slightly differently.
Suggested Improvement:
It would be beneficial if the DCL could ignore differences caused by trailing newlines when comparing certificates. Specifically, I'd be good implementing logic that:
Doesn't account for trailing newlines from certificates before comparison.
Compares certificates based on their actual content, disregarding the trailing newline as an insignificant difference. (i.e., look for the content within the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- delimiters)
ashcherbakov
commented
2 months ago
The DCL currently stores certificates in PEM format as character strings, including newline characters
\n. When comparing certificates (i.e., validation of certificates when adding CRL Revocation Point), the presence or absence of a trailing newline can cause two otherwise identical certificates to be treated as different.Recurrent Issue:
Suggested Improvement:
It would be beneficial if the DCL could ignore differences caused by trailing newlines when comparing certificates. Specifically, I'd be good implementing logic that: