x509-cert: RdnSequence.to_string() not producing RFC4514 compliant string representations #1121
Comments
Note: originally implemented in #464 /cc @npmccallum

I definitely agree with the ordering issue, but about the naming of the parameter, I think naming it
As specified in the RFC. Is there a precedence rule that I'd be missing? In any case, please see #1126

Thanks for the quick fix, @baloo! This library has been a joy to use! It appears as though RFC2256 and RFC4519 both refer to short name for the

I don't necessarily disagree with the

The problem seems to be that Right now we order the database in terms of the RFCs which the OIDs are defined in, so

I meant order-preserving in regard to http://www.iana.org/assignments/ldap-parameters/ldap-parameters.xhtml#ldap-parameters-3 I think the only order we currently care about is the order within a single RFC.

Everything is ordered by RFC first: formats/const-oid/src/db/gen.rs Line 2308 in 96186bb
The ident in the Btreemap is the document id which are ordered per

Yeah, that's what I said:
I'm not sure of a good solution though. Short of special casing it for now it seems like it would be a breaking change.

Yeah, I'm very much worried about the blast radius if we change that logic.

Perhaps we should open a separate issue for using the short name. Alternatively we may need a different API for

We can also just reopen this. Made that, but I'm not convinced this is the right solution:

I'll try to implement a logic to respect the ordering of the IANA table, just to get an idea of what is going to break.

@baloo the ability to iterate over all of the names associated with an OID, rather than just one, would seem to be a clean solution to this problem that doesn't involve restructuring the database or adding special-case hacks, and potentially useful for other applications

From the look of an awk output on the table, that should work.

Description
RdnSequence.to_string() is not producing RFC4514 compliant string representations. According to RFC4514 Section 2.1:
RFC4514 Section 2.3 states the following:
Steps to Reproduce
Given the following Certification Request:
Which is interpreted by OpenSSL:
Execute the following code:
Expected Results
The subject string representation should be:
Actual Results
The RDNSequence is not reversed, and the st attribute type is displayed as STATEORPROVINCENAME.
Note
This also applies to the issuer and subject attributes in an X.509 certificate.
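
The two RFC 4514 rules this issue turns on (Section 2.1 ordering and the Section 3 short names), shown as an added example that is not x509-cert's code: a stand-alone formatter whose function names and constructed subject are illustrative. It assumes every attribute value is already a string and that OIDs are given in dotted-decimal form.

```rust
// Added example: RFC 4514 string form of an RDNSequence (not x509-cert code).
// Short names are the table in RFC 4514 Section 3, keyed by dotted OID.
const SHORT_NAMES: &[(&str, &str)] = &[
    ("2.5.4.3", "CN"), ("2.5.4.7", "L"), ("2.5.4.8", "ST"), ("2.5.4.6", "C"),
    ("2.5.4.10", "O"), ("2.5.4.11", "OU"), ("2.5.4.9", "STREET"),
    ("0.9.2342.19200300.100.1.25", "DC"), ("0.9.2342.19200300.100.1.1", "UID"),
];

/// Section 2.3: use the short name when known, else the dotted-decimal OID.
fn attr_type(oid: &str) -> &str {
    SHORT_NAMES.iter().find(|(o, _)| *o == oid).map_or(oid, |(_, n)| *n)
}

/// Section 2.4: backslash-escape special characters in a string value.
fn escape(value: &str) -> String {
    let last = value.chars().count().saturating_sub(1);
    let mut out = String::new();
    for (i, c) in value.chars().enumerate() {
        match c {
            '"' | '+' | ',' | ';' | '<' | '>' | '\\' => { out.push('\\'); out.push(c) }
            ' ' if i == 0 || i == last => out.push_str("\\ "),
            '#' if i == 0 => out.push_str("\\#"),
            '\0' => out.push_str("\\00"),
            _ => out.push(c),
        }
    }
    out
}

/// `rdns` is in certificate (DER) order; each RDN is a set of (OID, value).
fn to_rfc4514(rdns: &[Vec<(&str, &str)>]) -> String {
    rdns.iter().rev() // Section 2.1: start with the last RDN, move backwards
        .map(|rdn| rdn.iter()
            .map(|(oid, v)| format!("{}={}", attr_type(oid), escape(v)))
            .collect::<Vec<_>>().join("+")) // Section 2.2: multi-valued RDN
        .collect::<Vec<_>>().join(",")
}

fn main() {
    // Constructed subject, listed in the order it is encoded in the certificate.
    let subject = vec![
        vec![("2.5.4.6", "US")],
        vec![("2.5.4.8", "New York")],
        vec![("2.5.4.10", "Example, Inc.")],
        vec![("2.5.4.3", "client01")],
    ];
    println!("{}", to_rfc4514(&subject));
}
```

Code that maps certificate subjects to accounts or ACL entries by comparing DN strings depends on both rules, since a non-reversed or long-name rendering will not match the string an RFC 4514 producer emits for the same name.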