X.509: SubjectAlternativeName components are not parsed #2838

Closed
hanno-becker opened this issue Sep 13, 2019 · 0 comments · Fixed by #6882


hanno-becker commented Sep 13, 2019

Context: This is about the parsing of the SubjectAlternativeNames extension within an X.509 certificate. There are differently structured types of alternative name components, and while we don't store them permanently, their structural sanity is checked by mbedtls_x509_parse_subject_alt_name() as part of mbedtls_x509_crt_parse() and friends.

Issue: mbedtls_x509_parse_subject_alt_name() is called here:

https://github.com/ARMmbed/mbedtls-restricted/blob/62be28b525076a022b31b0cff8f0e296f9b0bdc6/library/x509_crt.c#L645-L670

It can be seen that tag hasn't yet been stored in cur->buf->tag, so that mbedtls_x509_parse_subject_alt_name() cannot recognize the specific name and will always return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, which is silently ignored afterwards.
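
A simplified model of the ordering problem described in this issue, added here as an illustration; it is not Mbed TLS code and not from the issue author. All names (`san_buf`, `check_san`, `parse_san_list`, the error constants) and the sample byte strings are constructed for the example, and only short-form lengths and dNSName are handled.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not Mbed TLS code; every name below is hypothetical. */
#define ERR_FEATURE_UNAVAILABLE (-1) /* stands in for MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE */
#define ERR_INVALID_NAME        (-2)
#define TAG_DNS_NAME            0x82 /* GeneralName dNSName: [2] IMPLICIT IA5String */

typedef struct { unsigned char tag; size_t len; const unsigned char *p; } san_buf;
/* Constructed sample inputs: a dNSName with an embedded NUL, and a clean one. */
static const unsigned char BAD_SAN[]  = { 0x82, 0x03, 'a', 0x00, 'b' };
static const unsigned char GOOD_SAN[] = { 0x82, 0x03, 'a', '.', 'b' };

/* Structural check keyed on buf->tag, like the checker the issue describes. */
static int check_san(const san_buf *buf)
{
    if (buf->tag != TAG_DNS_NAME)
        return ERR_FEATURE_UNAVAILABLE;           /* name type not recognised */
    for (size_t i = 0; i < buf->len; i++)
        if (buf->p[i] == 0 || buf->p[i] > 0x7f)
            return ERR_INVALID_NAME;              /* NUL or non-IA5 byte */
    return 0;
}

/* Returns how many names were really checked, or a negative error. */
int parse_san_list(const unsigned char *der, size_t n, int store_tag_first)
{
    int checked = 0;
    for (size_t off = 0; off < n; ) {
        if (n - off < 2 || der[off + 1] > 0x7f || der[off + 1] > n - off - 2)
            return ERR_INVALID_NAME;              /* truncated or long-form length */
        san_buf cur = { 0, der[off + 1], der + off + 2 };
        if (store_tag_first) cur.tag = der[off];  /* tag visible to the checker */
        int ret = check_san(&cur);
        if (!store_tag_first) cur.tag = der[off]; /* ordering from the issue: too late */
        if (ret == 0) checked++;
        else if (ret != ERR_FEATURE_UNAVAILABLE) return ret;
        /* ERR_FEATURE_UNAVAILABLE falls through: silently ignored */
        off += 2 + cur.len;
    }
    return checked;
}

int main(void)
{
    printf("tag stored late : %d\n", parse_san_list(BAD_SAN, sizeof BAD_SAN, 0));
    printf("tag stored first: %d\n", parse_san_list(BAD_SAN, sizeof BAD_SAN, 1));
    return 0;
}
```

With the tag stored late, the malformed name is accepted with zero names checked; a regression test for this class of bug should assert on the number of names actually checked, not only on the parse return code.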

@hanno-becker hanno-becker self-assigned this Sep 13, 2019
hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Sep 13, 2019
Fixes Mbed-TLS#2838. See the issue description for more information.
hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Sep 17, 2019
Fixes Mbed-TLS#2838. See the issue description for more information.
hanno-becker pushed a commit to hanno-becker/mbedtls that referenced this issue Sep 18, 2019
Fixes Mbed-TLS#2838. See the issue description for more information.
Patater pushed a commit to Patater/mbedtls that referenced this issue Dec 4, 2019
Fixes Mbed-TLS#2838. See the issue description for more information.
@daverodgman daverodgman added this to OPC UA support in EPICs for Mbed TLS Jul 1, 2022
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this issue Jan 5, 2023
Fixes Mbed-TLS#2838. See the issue description for more information.
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this issue Jan 5, 2023
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
davidhorstmann-arm pushed a commit that referenced this issue Jan 10, 2023
Fixes #2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this issue Jan 12, 2023
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this issue Feb 7, 2023
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
AndrzejKurek pushed a commit to AndrzejKurek/mbedtls that referenced this issue Feb 8, 2023
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
paul-elliott-arm pushed a commit to paul-elliott-arm/mbedtls that referenced this issue Feb 14, 2023
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
@daverodgman daverodgman added this to OPC UA support in Backlog for Mbed TLS Jul 3, 2023
@daverodgman daverodgman removed this from OPC UA support in EPICs for Mbed TLS Jul 3, 2023
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Apr 2, 2024
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue May 7, 2024
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue May 13, 2024
Fixes Mbed-TLS#2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>