asn1 rejects * in printable string #850
I actually have isPrintable bodged locally for just this reason. Getting the cert using:

    $ openssl s_client -tls1 -connect gist.github.com:443

And dumping it by pasting it into:

    $ openssl asn1parse -inform PEM

Shows that the commonName is, indeed a PrintableString. That's bogus and the certificate is technically broken. However, including wildcards is pretty common in a certificate. commonNames with wildcards should be T61Strings or IA5Strings (like the *.google.com cert which uses T61).

Because PrintableString is the default, we can't create certificates with wildcards in them either.

From RFC 5280, the CommonName is actually a CHOICE. We don't deal with this very well because we only have one string type:

    X520CommonName ::= CHOICE {
        teletexString     TeletexString     (SIZE (1..ub-common-name)),
        printableString   PrintableString   (SIZE (1..ub-common-name)),
        universalString   UniversalString   (SIZE (1..ub-common-name)),
        utf8String        UTF8String        (SIZE (1..ub-common-name)),
        bmpString         BMPString         (SIZE (1..ub-common-name)) }

Thoughts:

1) Add '*' to the isPrintable enumeration. Shitty, but it seems common enough that we want to do it.
2) Automatically upgrade to a T61String or UTF8String as needed when marshaling.

If you like either of those I'll send a patch.
Seems like we have to do (1). (2) sounds good too, to avoid breaking other people. Thanks

Owner changed to a...@golang.org.
This issue was closed by revision 5f0319c. Status changed to Fixed.
This issue was closed.
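
The two options discussed in this thread, sketched as an added example (this is not the Go project's encoding/asn1 code): a PrintableString alphabet check with an opt-in for '*' on the parse side (option 1), and a marshal-side tag choice that upgrades non-conforming values to UTF8String (option 2). The function names and the sample host names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode/utf8"
)

// ASN.1 universal tag numbers (X.680) for UTF8String and PrintableString.
const tagUTF8String, tagPrintableString = 12, 19

// isPrintable reports whether b belongs to the X.680 PrintableString alphabet.
// allowAsterisk models option (1): accept '*' although the standard excludes it.
func isPrintable(b byte, allowAsterisk bool) bool {
	if b == '*' {
		return allowAsterisk
	}
	return 'a' <= b && b <= 'z' || 'A' <= b && b <= 'Z' || '0' <= b && b <= '9' ||
		strings.IndexByte(" '()+,-./:=?", b) >= 0
}

// validPrintable is the parse-side check applied to a decoded PrintableString.
func validPrintable(s string, allowAsterisk bool) bool {
	for i := 0; i < len(s); i++ {
		if !isPrintable(s[i], allowAsterisk) {
			return false
		}
	}
	return true
}

// chooseStringTag models option (2): strict PrintableString, else UTF8String.
func chooseStringTag(s string) (int, error) {
	if validPrintable(s, false) {
		return tagPrintableString, nil
	}
	if !utf8.ValidString(s) {
		return 0, fmt.Errorf("value is not valid UTF-8")
	}
	return tagUTF8String, nil
}

func main() {
	for _, cn := range []string{"gist.github.com", "*.github.com"} { // constructed names
		tag, err := chooseStringTag(cn)
		fmt.Println(cn, validPrintable(cn, true), tag, err)
	}
}
```

Keeping the lenient check on the parse side only means existing wildcard certificates still decode, while newly marshaled values never place '*' in a PrintableString.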