Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the AuthorityKeyIdentifier SubCA Issuer for Bouncy Castle CertificateBuilder. #1677

Merged
merged 1 commit into from
Jan 24, 2022
Merged

Fix the AuthorityKeyIdentifier SubCA Issuer for Bouncy Castle CertificateBuilder. #1677

merged 1 commit into from
Jan 24, 2022

Conversation

mregen
Copy link
Contributor

@mregen mregen commented Jan 22, 2022
edited

  • The missing fix in 6747b47 for the bouncy castle certificate builder which was used in .NET Core 2.1 (eol) and .NET 4.6.2, unnoticed in the tests because windows only uses the keyId to validate the chain.
  • AuthorityKeyIdentifier in the SubCA contains the SubjectName of the Issuer instead of the IssuerName. Also an application certificate that is signed by a SubCA would contain the false information.
  • The false information has no effect on Windows and macOS, however on linux OpenSSL tests all fields and a chain cannot be fully validated.

@codecov
Copy link

codecov bot commented Jan 22, 2022
edited

Codecov Report

Merging #1677 (5d62721) into master (33ae736) will increase coverage by 0.01%.
The diff coverage is n/a.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1677      +/-   ##
==========================================
+ Coverage   53.90%   53.91%   +0.01%     
==========================================
  Files         319      319              
  Lines       57898    57898              
==========================================
+ Hits        31208    31215       +7     
+ Misses      26690    26683       -7
Impacted Files Coverage Δ
...ack/Opc.Ua.Core/Stack/Transport/AsyncResultBase.cs 61.61% <0.00%> (-5.06%) ⬇️
...es/Opc.Ua.Server/Diagnostics/MonitoredItemQueue.cs 34.02% <0.00%> (-4.87%) ⬇️
...indings.Https/Stack/Https/HttpsTransportChannel.cs 68.45% <0.00%> (-3.36%) ⬇️
Stack/Opc.Ua.Core/Types/BuiltIn/DiagnosticInfo.cs 60.00% <0.00%> (-1.38%) ⬇️
Libraries/Opc.Ua.Server/Session/SessionManager.cs 71.37% <0.00%> (-1.04%) ⬇️
Stack/Opc.Ua.Core/Types/Utils/ServiceResult.cs 61.68% <0.00%> (-0.94%) ⬇️
...raries/Opc.Ua.Server/Subscription/MonitoredItem.cs 44.02% <0.00%> (-0.61%) ⬇️
...braries/Opc.Ua.Server/Subscription/Subscription.cs 59.68% <0.00%> (+0.11%) ⬆️
.../Opc.Ua.Server/Subscription/SubscriptionManager.cs 61.19% <0.00%> (+0.14%) ⬆️
Libraries/Opc.Ua.Client/Subscription.cs 71.27% <0.00%> (+0.84%) ⬆️
... and 1 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 33ae736...5d62721. Read the comment docs.

@mregen mregen requested a review from mrsuciu January 24, 2022 13:17
@mregen mregen merged commit 2c9699b into master Jan 24, 2022
@mregen mregen deleted the akey_bouncycastle branch January 24, 2022 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrsuciu mrsuciu mrsuciu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@mregen @mrsuciu