UTF8String-encoded challengePassword attribute causes decode error #1783
Labels
Milestone
Comments
|
Comment from ftweedal (@frasertweedale) at 2014-12-05 03:38:59 attachment |
|
Comment from ftweedal (@frasertweedale) at 2014-12-16 04:45:16 pushed to master (cdebcd5) |
|
Comment from ftweedal (@frasertweedale) at 2017-02-27 14:09:32 Metadata Update from @frasertweedale:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue was migrated from Pagure Issue #1221. Originally filed by ftweedal (@frasertweedale) on 2014-12-04 08:18:57:
Original report: https://www.redhat.com/archives/pki-users/2014-December/msg00000.html
PKCS 9 (RFC 2985) §5.4.1 "Challenge password" states that "PKCS 9-
attribute processing systems MUST be able to recognize and process
all string types in DirectoryString values."
From RFC 5280:
DirectoryString ::= CHOICE {
teletexString TeletexString (SIZE (1..MAX)),
printableString PrintableString (SIZE (1..MAX)),
universalString UniversalString (SIZE (1..MAX)),
utf8String UTF8String (SIZE (1..MAX)),
bmpString BMPString (SIZE (1..MAX)) }
The precise cause of the error is in
com.netscape.cms.servlet.cert.scep.ChallengePassword, where derVal.getPrintableString() is called, but none of the other string encodings are tried.Proposed fix: add getDirectoryString() method to DerValue class, that checks that the tag is for one of the five string types above, then dispatches to getASN1CharString(). Also add corresponding getDirectoryString() method to DerInputStream class.
The text was updated successfully, but these errors were encountered: