string handling in hx509
Love Hörnquist Åstrand
lha at kth.se
Sun Aug 8 17:16:51 MDT 2010
Matthieu,
>>
>>> I'm trying to use heimdal x509 implementation.
>>>
>>> I have problems with decoding a certificate issued by a Windows 2008 R2 server (attached).
>>>
>>> The problem I guess lies in the fact that the name in the certificate is in UTF-16 and the code in der_get_general_string seems not to be ready for this as it expect to have NULLs at the end of the string only (if any).
>>>
>>> Gnutls and openssl have no pbs dealing with it so it seems to be quite valid.
>> The string is a PRINTABLE STRING and 37.4 in X680 lists the characters valid in printable string, and they are:
>>
>> A ... Z a ... z 0, 1, ... 9 (space) ' ( ) + , - . / : = ?
>>
>> NUL is not among them, it seems to be that this is a bug in code that the certificate.
>>
>> That said, I'm sure we can work around string types and just treat all of them as octet strings instead when dealing with X509 certificates given that is probably hard to get msft to update their broken code.
> Great, what is the solution that you propose finally ? How can I help you ?
these deltas should help you out
1be863f change variables to make more sense
1b63db9 compare right thing
fa4c84e make printablestring and ia5string octetstrings
d79063e add id-secsig-sha-1WithRSAEncryption
a0fcf92 add id-secsig-sha-1WithRSAEncryption
977badd fix printf fmt arg warning
You can find the repository here: http://github.com/heimdal/heimdal
I hope you don't mind I added your certificate to the regression tests to make sure I don't break it in the future.
Love
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3815 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100808/cb788568/attachment.bin>
More information about the samba-technical
mailing list