RDN elements order shouldn't change when NATS server check for the authorization #1571
Comments
|
@nagukothapalli , Thank you for raising this issue. We've identified the problem. Golang has a specific ordering of the RDNs within the DN when serializing the contents to the string. Unfortunately this means that after parsing a certificate, what go programmatically returns as a string representing the subject may differ from the the raw value in the certificate. We're altering our comparison function in the server to account for ordering and spaces and will have a fix shortly. |
|
@ColinSullivan1 Thank you |
|
Related: golang/go#40876, golang/go#29040 |
|
@nagukothapalli thanks for reporting the issue. The next release will include better support and respect the order of the elements as they were present in the original certificate. |
|
How are we planning to release the patch? does this fix applied on 2.1.7 NATS server as a hotfix? |
|
@nagukothapalli Working on releasing a 2.1.8 release as soon as possible (maybe today). |
NATS server changes the sequence of the DN element in the principal name of the cert while authorization. Also, it removes the after the comma in the principal name string.
It should exact match of the DN from the cert string. And it shouldn’t remove the spaces. Please find the examples below.
Actual cert: CN=hostname, O=company name, OU=ou, L= location, ST=state, C=country
Using certificate subject for auth ["CN=hostname,OU=ou,O=company name,L=location,ST=state,C=country"]
In my above example, we can see that OU and O elements got interchanged which authorization and removed spaces
And the same issue observed with DC elements as well.
Please let me know if you need any more details from my side.
Thank you.
The text was updated successfully, but these errors were encountered: