asn1 rejects * in printable string #850

Closed
rsc opened this issue Jun 9, 2010 · 3 comments

rsc commented Jun 9, 2010

// isPrintable returns true iff the given b is in the ASN.1 PrintableString set.
func isPrintable(b byte) bool {
    return 'a' <= b && b <= 'z' ||
        'A' <= b && b <= 'Z' ||
        '0' <= b && b <= '9' ||
        '\'' <= b && b <= ')' ||
        '+' <= b && b <= '/' ||
        b == ' ' ||
        b == ':' ||
        b == '=' ||
        b == '?'
}

This excludes '*' but gist.github.com uses a certificate that says *.github.com.

agl commented Jun 9, 2010

Comment 1:

I actually have isPrintable bodged locally for just this reason.
Getting the cert using:
$ openssl s_client -tls1 -connect gist.github.com:443
And dumping it by pasting it into:
$ openssl asn1parse -inform PEM
Shows that the commonName is, indeed, a PrintableString. That's bogus and the certificate
is technically broken. However, including wildcards is pretty common in a certificate.
commonNames with wildcards should be T61Strings or IA5Strings (like the *.google.com
cert which uses T61).
Because PrintableString is the default, we can't create certificates with wildcards in
them either.
From RFC 5280, the CommonName is actually a CHOICE. We don't deal with this very well
because we only have one string type:
X520CommonName ::= CHOICE {
      teletexString     TeletexString   (SIZE (1..ub-common-name)),
      printableString   PrintableString (SIZE (1..ub-common-name)),
      universalString   UniversalString (SIZE (1..ub-common-name)),
      utf8String        UTF8String      (SIZE (1..ub-common-name)),
      bmpString         BMPString       (SIZE (1..ub-common-name)) }
Thoughts:
  1) Add '*' to the isPrintable enumeration. Shitty, but it seems common enough that we want to do it.
  2) Automatically upgrade to a T61String or UTF8String as needed when marshaling.
If you like either of those I'll send a patch.
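
The two options from Comment 1, as an added Go example that is not part of the original comment, not the revision that closed this issue, and not the Go project's code. `parsePrintableString`, `marshalString` and the `allowAsterisk` parameter are hypothetical names, the `*.example.com` input is constructed, and only short-form DER lengths are handled.

```go
package main

import (
	"errors"
	"fmt"
	"unicode/utf8"
)

const tagUTF8String, tagPrintableString = 12, 19 // ASN.1 universal tag numbers
// isPrintable is the issue's check; allowAsterisk is option (1), admitting the non-standard '*'.
func isPrintable(b byte, allowAsterisk bool) bool {
	return 'a' <= b && b <= 'z' || 'A' <= b && b <= 'Z' || '0' <= b && b <= '9' ||
		'\'' <= b && b <= ')' || '+' <= b && b <= '/' ||
		b == ' ' || b == ':' || b == '=' || b == '?' || (allowAsterisk && b == '*')
}

// parsePrintableString decodes one short-form DER PrintableString TLV (hypothetical helper).
func parsePrintableString(der []byte, allowAsterisk bool) (string, error) {
	if len(der) < 2 || der[0] != tagPrintableString || der[1] > 127 || int(der[1]) != len(der)-2 {
		return "", errors.New("not a short-form PrintableString TLV")
	}
	for _, b := range der[2:] {
		if !isPrintable(b, allowAsterisk) {
			return "", fmt.Errorf("PrintableString contains invalid character %q", b)
		}
	}
	return string(der[2:]), nil
}

// marshalString sketches option (2): PrintableString if every byte is in the strict set, else UTF8String.
func marshalString(s string) ([]byte, error) {
	if len(s) > 127 || !utf8.ValidString(s) {
		return nil, errors.New("too long for short-form length or invalid UTF-8")
	}
	tag := byte(tagPrintableString)
	for i := 0; i < len(s); i++ {
		if !isPrintable(s[i], false) {
			tag = tagUTF8String
		}
	}
	return append([]byte{tag, byte(len(s))}, s...), nil
}

func main() {
	der := append([]byte{tagPrintableString, 13}, "*.example.com"...) // constructed sample
	_, strictErr := parsePrintableString(der, false)
	out, _ := marshalString("*.example.com")
	fmt.Println("strict parse:", strictErr, "| marshaled tag:", out[0])
}
```

Parsing is lenient so that existing wildcard certificates load, while marshaling stays strict, so nothing this code emits carries '*' under the PrintableString tag.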


rsc commented Jun 10, 2010

Comment 2:

Seems like we have to do (1).  (2) sounds good too, to avoid breaking other people.
Thanks

Owner changed to a...@golang.org.


agl commented Jun 10, 2010

Comment 3:

This issue was closed by revision 5f0319c.

Status changed to Fixed.

@rsc rsc added the fixed label Jun 10, 2010
@golang golang locked and limited conversation to collaborators Jun 24, 2016