Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Authority Key Identifier in SubCA and cert validator return codes. #1665

Merged
merged 3 commits into from
Jan 14, 2022
Merged

Fix Authority Key Identifier in SubCA and cert validator return codes. #1665

merged 3 commits into from
Jan 14, 2022

Conversation

mregen
Copy link
Contributor

@mregen mregen commented Jan 14, 2022

  • AuthorityKeyIdentifier in the SubCA contains the SubjectName of the Issuer instead of the IssuerName. Also an application certificate that is signed by a SubCA would contain the false information.
  • The false information has no effect on Windows and macOS, however on linux OpenSSL tests all fields and a chain cannot be fully validated.
  • For CTT tests a few error codes were false returned because ServiceResult replaces the error code with the InnerException.
  • Do not allow to ignore PartialChain validation error, it may have different root cause then the error returned by GetIssuer.

@mregen mregen linked an issue Jan 14, 2022 that may be closed by this pull request
Certficate signed with intermediate CA cannot be validated #1521
Closed
@mregen mregen mentioned this pull request Jan 14, 2022
Merged
@mregen mregen merged commit 6747b47 into master Jan 14, 2022
@mregen mregen deleted the certchain branch January 14, 2022 10:17
mrsuciu pushed a commit to mrsuciu/UA-.NETStandard that referenced this pull request Jan 20, 2022
@mregen @mrsuciu
Fix Authority Key Identifier in SubCA and cert validator return codes. (
c3541ca 
OPCFoundation#1665)

- AuthorityKeyIdentifier in the SubCA contains the SubjectName of the Issuer instead of the IssuerName. Also an application certificate that is signed by a SubCA would contain the false information.
- The false information has no effect on Windows and macOS, however on linux OpenSSL tests all fields and a chain cannot be fully validated.
- For CTT tests a few error codes were return false codes because ServiceResult replaces the error code with the InnerException error.
- Do not allow to ignore PartialChain validation error, it may have different root cause then the error returned by GetIssuer.
@mrsuciu mrsuciu mentioned this pull request Jan 20, 2022
Merged
mregen added a commit that referenced this pull request Jan 20, 2022
@mregen
Merge pull request #1673 from mrsuciu/release/1.4.367
27caf0c 
* Fix Authority Key Identifier in SubCA and cert validator return codes. (#1665)
* Fix: Server endpoints are not returned if GetHostEntry fails. (#1639)
* Added BitwiseAnd and BitwiseOr filter operators and unit tests for existing filter operators  (#1633)
* Fix Authority Key Identifier for Bouncy Castle
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrsuciu mrsuciu mrsuciu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Certficate signed with intermediate CA cannot be validated
2 participants
@mregen @mrsuciu