Add capability to parse certificates with UPN in SAN (otherName:1.3.6.1.4.1.311.20.2.3) #98

Open
edsac opened this issue Oct 28, 2014 · 3 comments

edsac commented Oct 28, 2014

r509 is currently unable to parse certificates that contain a Subject Alternative Name of type otherName:UPN (=otherName:1.3.6.1.4.1.311.20.2.3), as used for Microsoft client authentication.

Code currently raises an exception, e.g.:
/usr/local/rvm/gems/ruby-1.9.3-p392/gems/r509-0.10.0/lib/r509/asn1.rb:124:in `map_tag_to_short_type': Unimplemented GeneralName tag: 0. At this time R509 does not support GeneralName types other than rfc822Name, dNSName, uniformResourceIdentifier, iPAddress, and directoryName (R509::R509Error)

It would be helpful to add parsing of this name type. Initially, just being able to parse the rest of the cert without error (warn perhaps?) would be enough, but eventually being able to parse and/or add this SAN would be useful.

Can generate such a certificate with openssl by including

subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:username@some.domain

in the extensions section.

@reaperhulk
Member

Thanks for the report! I'd like to come up with a way to allow the parsing of arbitrary otherName structures. Have you implemented a workaround for your own needs?

liff added a commit to liff/r509 that referenced this issue Jun 13, 2017
@zaaquino

Is there a plan to include this any time soon?

@reaperhulk
Member

r509 is not actively maintained at this time. If there are people interested in becoming committers/maintainers on this project then features like this could be merged.
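
One way to read the otherName:UPN entry with Ruby's OpenSSL::ASN1 while reporting unsupported GeneralName tags instead of raising (an added example, not part of the thread and not r509 code). The function names, the result symbols and the sample SAN bytes are constructed for illustration; the dNSName `host.some.domain` is an assumed value.

```ruby
require "openssl"

UPN_OID = "1.3.6.1.4.1.311.20.2.3" # OID from the issue title

# GeneralName context tags whose content is a plain string (RFC 5280, 4.2.1.6).
STRING_TAGS = { 1 => :rfc822Name, 2 => :dNSName, 6 => :uniformResourceIdentifier }.freeze

# otherName is [0] IMPLICIT SEQUENCE { type-id OID, value [0] EXPLICIT ANY }.
# A UPN is accepted only when the wrapped value is a single UTF8String.
def parse_other_name(node)
  type_id, wrapped = node.value if node.value.is_a?(Array) && node.value.size == 2
  shape_ok = type_id.is_a?(OpenSSL::ASN1::ObjectId) &&
             wrapped.is_a?(OpenSSL::ASN1::ASN1Data) &&
             wrapped.tag_class == :CONTEXT_SPECIFIC && wrapped.tag == 0 &&
             wrapped.value.is_a?(Array) && wrapped.value.size == 1
  return [:malformed, nil] unless shape_ok
  return [:otherName, type_id.oid] unless type_id.oid == UPN_OID
  inner = wrapped.value.first
  return [:malformed, nil] unless inner.is_a?(OpenSSL::ASN1::UTF8String)
  [:upn, inner.value.dup.force_encoding("UTF-8")]
end

# Walks the SubjectAltName SEQUENCE; entries this code does not decode are
# reported by tag number rather than aborting the parse of the whole extension.
def parse_san(der)
  seq = OpenSSL::ASN1.decode(der)
  raise ArgumentError, "SAN is not a SEQUENCE" unless seq.is_a?(OpenSSL::ASN1::Sequence)
  seq.value.map do |gn|
    if gn.tag_class != :CONTEXT_SPECIFIC
      [:unsupported, gn.tag]
    elsif gn.tag.zero?
      parse_other_name(gn)
    elsif STRING_TAGS.key?(gn.tag) && gn.value.is_a?(String)
      [STRING_TAGS[gn.tag], gn.value]
    else
      [:unsupported, gn.tag] # e.g. directoryName, iPAddress
    end
  end
end

# Constructed sample: SAN bytes holding the UPN from the issue plus a dNSName.
def sample_san_der(upn_value = OpenSSL::ASN1::UTF8String.new("username@some.domain"))
  wrapped = OpenSSL::ASN1::ASN1Data.new([upn_value], 0, :CONTEXT_SPECIFIC)
  other = OpenSSL::ASN1::ASN1Data.new([OpenSSL::ASN1::ObjectId.new(UPN_OID), wrapped], 0, :CONTEXT_SPECIFIC)
  dns = OpenSSL::ASN1::ASN1Data.new("host.some.domain", 2, :CONTEXT_SPECIFIC)
  OpenSSL::ASN1::Sequence.new([other, dns]).to_der
end

p parse_san(sample_san_der)
```

For a real certificate, the bytes passed to `parse_san` are the contents of the subjectAltName extension's OCTET STRING.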
