PRINTABLE_STRING in signing request prevents wildcard domains #468

Closed
kevinpt opened this Issue Apr 28, 2016 · 3 comments

kevinpt commented Apr 28, 2016

When creating a certificate signing request, x509_write_name() uses the PRINTABLE_STRING type for everything but emailAddress. This prevents the use of asterisks to create a wildcard domain as part of the common/domain name since they aren't part of that character set. The request will still be created but OpenSSL complains about invalid characters and stops processing the request.

It would be more useful to also use IA5_STRING for the MBEDTLS_OID_AT_CN OID.

@ciarmcom ciarmcom added the mirrored label Apr 28, 2016
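
The character-set problem described in the opening post, as an added example (not mbed TLS code and not part of the thread): a check that tags a name value as PrintableString only when every character is in that set, and otherwise uses UTF8String. The function names are hypothetical; falling back to UTF8String rather than the IA5_STRING the post proposes is this example's choice, the input is assumed to be valid UTF-8, and values are limited to 127 bytes so the DER length fits in one byte.

```c
#include <stddef.h>
#include <string.h>

/* Universal ASN.1 tag numbers for the two string types used here. */
#define TAG_UTF8_STRING      0x0C
#define TAG_PRINTABLE_STRING 0x13

/* PrintableString allows A-Z a-z 0-9 space and ' ( ) + , - . / : = ? only.
 * '*', '@', '_' and '&' are all outside the set. */
static int is_printable_char(unsigned char c)
{
    if ((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
        (c >= '0' && c <= '9'))
        return 1;
    /* strchr() would match the terminator for c == 0, so exclude it. */
    return c != '\0' && strchr(" '()+,-./:=?", c) != NULL;
}

/* Hypothetical helper: PrintableString if the whole value fits that
 * character set, UTF8String otherwise (assumes valid UTF-8 input). */
int pick_string_tag(const char *s, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (!is_printable_char((unsigned char)s[i]))
            return TAG_UTF8_STRING;
    }
    return TAG_PRINTABLE_STRING;
}

/* Hypothetical helper: write tag || length || value for a short value.
 * Returns the number of bytes written, or 0 if the value is 128 bytes or
 * longer (needs a multi-byte DER length) or the buffer is too small. */
size_t encode_name_value(const char *s, unsigned char *out, size_t out_size)
{
    size_t len = strlen(s);
    if (len >= 128 || out_size < len + 2)
        return 0;
    out[0] = (unsigned char)pick_string_tag(s, len);
    out[1] = (unsigned char)len;
    memcpy(out + 2, s, len);
    return len + 2;
}
```
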


Member

ciarmcom commented Apr 28, 2016

ARM Internal Ref: IOTSSL-733


Collaborator

sbutcher-arm commented May 4, 2016

Hi @kevinpt,

This isn't a planned enhancement, but we would certainly welcome a community contribution that provides this as a configurable option.


Contributor

hanno-arm commented Nov 8, 2018

Fixed through #1641.
