Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

X.509: SubjectAlternativeName components are not parsed #2838

Closed
hanno-becker opened this issue Sep 13, 2019 · 0 comments · Fixed by #6882
Closed

X.509: SubjectAlternativeName components are not parsed #2838

hanno-becker opened this issue Sep 13, 2019 · 0 comments · Fixed by #6882
Assignees
@AndrzejKurek
Labels
bug component-x509
Projects
Backlog for Mbed TLS

Comments

@hanno-becker
Copy link

hanno-becker commented Sep 13, 2019
edited
Loading

Context: This is about the parsing of the SubjectAlternativeNames extension within an X.509 certificate. There are differently structured types of alternative name components, and while we don't store them permanently, their structural sanity is checked by mbedtls_x509_parse_subject_alt_name() checked as part of mbedtls_x509_crt_parse() and friends.

Issue: mbedtls_x509_parse_subject_alt_name() is called here:

https://github.com/ARMmbed/mbedtls-restricted/blob/62be28b525076a022b31b0cff8f0e296f9b0bdc6/library/x509_crt.c#L645-L670

It can be seen that tag hasn't yet been stored in cur->buf->tag, so that mbedtls_x509_parse_subject_alt_name() cannot recognize the specific name and will always return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, which is silently ignored afterwards.
@hanno-becker hanno-becker self-assigned this Sep 13, 2019
hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Sep 13, 2019
Fix X.509 SAN parsing
419eb05 
Fixes Mbed-TLS#2838. See the issue description for more information.
@hanno-becker hanno-becker mentioned this issue Sep 13, 2019
Closed
hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Sep 13, 2019
Fix X.509 SAN parsing
db9dcc3 
Fixes Mbed-TLS#2838. See the issue description for more information.
hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Sep 17, 2019
Fix X.509 SAN parsing
37f750a 
Fixes Mbed-TLS#2838. See the issue description for more information.
hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Sep 18, 2019
Fix X.509 SAN parsing
617ef89 
Fixes Mbed-TLS#2838. See the issue description for more information.
Patater pushed a commit to Patater/mbedtls that referenced this issue Dec 4, 2019
@Patater
Fix X.509 SAN parsing
fd7548b 
Fixes Mbed-TLS#2838. See the issue description for more information.
@daverodgman daverodgman added this to OPC UA support in EPICs for Mbed TLS Jul 1, 2022
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this issue Jan 5, 2023
Fix X.509 SAN parsing
ab6f951 
Fixes Mbed-TLS#2838. See the issue description for more information.
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this issue Jan 5, 2023
Fix X.509 SAN parsing
011a983 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
@AndrzejKurek AndrzejKurek mentioned this issue Jan 5, 2023
Merged
davidhorstmann-arm pushed a commit that referenced this issue Jan 10, 2023
@davidhorstmann-arm
Fix X.509 SAN parsing
13a3524 
Fixes #2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this issue Jan 12, 2023
Fix X.509 SAN parsing
ccce715 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this issue Feb 7, 2023
Fix X.509 SAN parsing
ae8f8c4 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this issue Feb 8, 2023
Fix X.509 SAN parsing
75ab076 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
paul-elliott-arm pushed a commit to paul-elliott-arm/mbedtls that referenced this issue Feb 14, 2023
@paul-elliott-arm
Fix X.509 SAN parsing
5162539 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
@daverodgman daverodgman added this to OPC UA support in Backlog for Mbed TLS Jul 3, 2023
@daverodgman daverodgman removed this from OPC UA support in EPICs for Mbed TLS Jul 3, 2023
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Apr 2, 2024
@lhuang04
Fix X.509 SAN parsing
8de1fff 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Apr 2, 2024
@lhuang04
Fix X.509 SAN parsing
67d3406 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Apr 2, 2024
@lhuang04
Fix X.509 SAN parsing
c5c1e9e 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Apr 2, 2024
@lhuang04
Fix X.509 SAN parsing
f9a4be2 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Apr 2, 2024
@lhuang04
Fix X.509 SAN parsing
033b4db 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Apr 2, 2024
@lhuang04
Fix X.509 SAN parsing
5fecb9b 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Apr 2, 2024
@lhuang04
Fix X.509 SAN parsing
6262cfa 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Apr 2, 2024
@lhuang04
Fix X.509 SAN parsing
3d2b434 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue May 7, 2024
@lhuang04
Fix X.509 SAN parsing
94ce936 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue May 13, 2024
@lhuang04
Fix X.509 SAN parsing
6c2b20c 
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AndrzejKurek AndrzejKurek

Labels
bug component-x509
Projects
Backlog for Mbed TLS
OPC UA support
Milestone
No milestone
3 participants
@daverodgman @hanno-becker @AndrzejKurek