crypto/x509/pkix: Name.String() hex-encodes string-type ExtraNames #33093
What version of Go are you using (
The text was updated successfully, but these errors were encountered:
I read the previous spec paragraph as saying that this is the correct form when the type is unknown and expressed as a dotted decimal.
There is even an example for it in Section 5.
Can you provide an example certificate?
Here is a sample CSR:
OpenSSL shows the custom distinguished name as a string:
The OpenSSL output is preferable over the current Go output because it is human readable.
@FiloSottile Wanted to follow up on this.
The example you copied is specifically for an "octet string", hence the
I agree with @rittneje . Here is a simple example. Create a certificate with openssl:
openssl req -new -x509 -subj '/UID=foobar/' -nodes -outform DER -out cert.crt
The ASN.1 structure of the Subject DN in cert.crt:
SEQUENCE (1 elem) SET (1 elem) SEQUENCE (2 elem) OBJECT IDENTIFIER 0.9.2342.19200300.100.1.1 userID UTF8String foobar
The type is UTF8String (not for example an octect string). Requoting @rittneje from RFC 2253:
UTF8String has a string representation and does not even need conversion, so it should be printed as:
Not like go1.18.1 does:
But this is not what RFC 2253 says. RFC 2253 does not mention "non-standard attributes"; it says "does not have a string representation" which is a different thing:
Thank you for the discourse @rittneje @FiloSottile @bjanders, I am working on triaging plus fixing issues and I just stumbled upon this issue and it nerd snipped me and I've gone through parts of the specification and to accomplish a probable working fix for this, I examined expectations for ASN1 printable strings per the quoted RFCs and I've mailed out CL https://go-review.googlesource.com/c/go/+/549075 which can be a start for the fix but otherwise moved to the Go1.23 milestone.