You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The code in the pkcs7_get_chain method of the default token is broken. It tries do build the chain using the issuer subject string. This fails for multivalued CNs as pkcs7 and openssl use different formats on stringified subjects.
CN=Oliver Welter/UID=oliwel,DC=OpenXPKI,DC=org vs.
UID=oliwel+CN=Oliver Welter,DC=OpenXPKI,DC=org
The code in the pkcs7_get_chain method of the default token is broken. It tries do build the chain using the issuer subject string. This fails for multivalued CNs as pkcs7 and openssl use different formats on stringified subjects.
CN=Oliver Welter/UID=oliwel,DC=OpenXPKI,DC=org vs.
UID=oliwel+CN=Oliver Welter,DC=OpenXPKI,DC=org
As this also can lead to ambigouty, suggested fix is to use AIA info as in certnanny to construct the chain https://github.com/certnanny/CertNanny/blob/master/agent/lib/perl/CertNanny/Keystore.pm#L1342
A continous formatting needs to be defined and implemented with respect to other issues and as a fallback.
The text was updated successfully, but these errors were encountered: