You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
PKCS 9 (RFC 2985) §5.4.1 "Challenge password" states that "PKCS 9-
attribute processing systems MUST be able to recognize and process
all string types in DirectoryString values."
The precise cause of the error is in com.netscape.cms.servlet.cert.scep.ChallengePassword, where derVal.getPrintableString() is called, but none of the other string encodings are tried.
Proposed fix: add getDirectoryString() method to DerValue class, that checks that the tag is for one of the five string types above, then dispatches to getASN1CharString(). Also add corresponding getDirectoryString() method to DerInputStream class.
The text was updated successfully, but these errors were encountered:
This issue was migrated from Pagure Issue #1221. Originally filed by ftweedal (@frasertweedale) on 2014-12-04 08:18:57:
Original report: https://www.redhat.com/archives/pki-users/2014-December/msg00000.html
PKCS 9 (RFC 2985) §5.4.1 "Challenge password" states that "PKCS 9-
attribute processing systems MUST be able to recognize and process
all string types in DirectoryString values."
From RFC 5280:
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..MAX)),
bmpString BMPString (SIZE (1..MAX)) }
The precise cause of the error is in
com.netscape.cms.servlet.cert.scep.ChallengePassword
, where derVal.getPrintableString() is called, but none of the other string encodings are tried.Proposed fix: add getDirectoryString() method to DerValue class, that checks that the tag is for one of the five string types above, then dispatches to getASN1CharString(). Also add corresponding getDirectoryString() method to DerInputStream class.
The text was updated successfully, but these errors were encountered: