crypto/x509/pkix: Name.String() rfc2253 AttributeTypes #41750
Comments
CC @FiloSottile, @agl, @rsc per owners.
This sounds good, we'd take a PR for it.
Change https://golang.org/cl/263177 mentions this issue:
@FiloSottile I've added the new method
Adding an API would require a proposal, and since this is already implementing an obsolete RFC, I don't think we'll want to do that.
Sounds good, thanks! It would be useful for review to have a reference in the CL or in the comments of where the OIDs come from.
This might be ok, but is there a clear line to draw to explain why support these attributes and not more? I would like not to start maintaining an ever-growing registry.
Sorry, I didn't know about that. I thought we needed the new method because, as you said, "I would like not to start maintaining an ever-growing registry", and that's absolutely OK, but I think it's a good idea if the API lets you pass a custom attributes map while using all the power of converting the RDN sequence that the general String method already has.
They come from https://tools.ietf.org/html/rfc2253#section-2.3; currently we have 7 of the 9 attributes from RFC 2253 and two custom ones: SERIALNUMBER and POSTALCODE.
My thoughts and concept of style (that's why I called it StyledString) were about the BC library https://github.com/bcgit/bc-java/blob/master/core/src/main/java/org/bouncycastle/asn1/x509/X509Name.java#L263-L294 I think that we could add DC and UID to the current attributeTypeNames, to be compliant with RFC 2253. We could use this new method like this if the current String is not suitable:
What do you think?
The current RFC 5280 section 4.1.2.4 states
It also explicitly demands that
In particular the domainComponent RDN is quite important for designing modern PKIs, so I suggest to include the listed attributes, including the DC in the attributeTypeNames map which will result in proper representation within String(). #44536 was raised to address this. However, this does not include the UID RDN, as this is not an OID that is required by RFC 5280.
Change https://golang.org/cl/295391 mentions this issue:
@FiloSottile StyledString support would be a very handy API to not have to maintain a list of OIDs all the time. I encountered the same problem the other day, that the email address was unreadable. How likely is it that this proposal will be accepted?
What is holding golang.org/cl/295391 back from getting merged? It's been open for over 3 years?
What version of Go are you using (go version)?
Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (go env)?
What did you do?
Print the issuer (or subject) dn from an x509 certificate:
According to https://tools.ietf.org/html/rfc2253#section-2.3
we have this table of
But currently in crypto/x509/pkix we have this
Could you please add "DC" and "UID"?
Or maybe we could have a special method to pass additional attributeTypeNames for custom conversion of an x509 name to a string.
What did you expect to see?
What did you see instead?
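The caller-supplied name table asked for in this issue can be sketched outside the standard library, as an added example that is not part of the original issue or of crypto/x509/pkix. `FormatDN`, `rfc2253Names`, `escapeRE` and `sampleDN` are hypothetical names, and the sample subject is constructed.

```go
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/hex"
	"fmt"
	"regexp"
	"strings"
)

// Short names from the RFC 2253 section 2.3 table, keyed by dotted OID.
var rfc2253Names = map[string]string{
	"2.5.4.3": "CN", "2.5.4.7": "L", "2.5.4.8": "ST", "2.5.4.10": "O",
	"2.5.4.11": "OU", "2.5.4.6": "C", "2.5.4.9": "STREET",
	"0.9.2342.19200300.100.1.25": "DC", "0.9.2342.19200300.100.1.1": "UID",
}

// RFC 2253 section 2.4 escaping: leading space or '#', specials, trailing space.
var escapeRE = regexp.MustCompile(`^[ #]|[,+"\\<>;]| $`)

// FormatDN (hypothetical helper) prints rdns last RDN first; unknown types become OID=#hex(DER).
func FormatDN(rdns pkix.RDNSequence, names map[string]string) string {
	var parts []string
	for i := len(rdns) - 1; i >= 0; i-- {
		var atvs []string
		for _, tv := range rdns[i] {
			name, val := tv.Type.String(), escapeRE.ReplaceAllString(fmt.Sprint(tv.Value), `\$0`)
			if short, ok := names[name]; ok {
				name = short
			} else if der, err := asn1.Marshal(tv.Value); err == nil {
				val = "#" + hex.EncodeToString(der)
			}
			atvs = append(atvs, name+"="+val)
		}
		parts = append(parts, strings.Join(atvs, "+"))
	}
	return strings.Join(parts, ",")
}

// sampleDN returns a constructed subject, first RDN first as in a certificate.
func sampleDN() pkix.RDNSequence {
	dc := asn1.ObjectIdentifier{0, 9, 2342, 19200300, 100, 1, 25}
	uid := asn1.ObjectIdentifier{0, 9, 2342, 19200300, 100, 1, 1}
	return pkix.RDNSequence{{{Type: dc, Value: "com"}}, {{Type: dc, Value: "example"}},
		{{Type: uid, Value: "jdoe"}, {Type: asn1.ObjectIdentifier{2, 5, 4, 3}, Value: "Doe, John"}}}
}

func main() { fmt.Println(FormatDN(sampleDN(), rfc2253Names)) }
```

Passing a table without the DC and UID entries shows those attributes in the dotted-OID and hex form, which is why code that logs or matches on DN strings should not assume short names are always present.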