Thanks for the report! I'd like to come up with a way to allow the parsing of arbitrary otherName structures. Have you implemented a workaround for your own needs?
liff added a commit to liff/r509 that referenced this issue Jun 13, 2017
r509 is not actively maintained at this time. If there are people interested in becoming committers/maintainers on this project then features like this could be merged.
r509 is currently unable to parse certificates that contain Subject Alternative Name of type otherName:UPN (=otherName:1.3.6.1.4.1.311.20.2.3), as used for Microsoft client authentication
Code currently raises an exception, e.g.:
/usr/local/rvm/gems/ruby-1.9.3-p392/gems/r509-0.10.0/lib/r509/asn1.rb:124:in `map_tag_to_short_type': Unimplemented GeneralName tag: 0. At this time R509 does not support GeneralName types other than rfc822Name, dNSName, uniformResourceIdentifier, iPAddress, and directoryName (R509::R509Error)
It would be helpful to add parsing of this name type. Initially just being able to parse the rest of the cert without error (warn perhaps?) would be enough, but eventually being able to parse and/or add this SAN would be useful.
Can generate such a certificate with openssl by including
subjectAltName=otherName:1.3.6.1.4.1.311.20.2.3;UTF8:username@some.domain
in the extensions section
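
The tolerant handling asked for in the report, as an added example that is not r509 code or part of the original issue: it decodes a subjectAltName value with Ruby's `OpenSSL::ASN1`, reads an otherName UPN, and flags entries it does not decode instead of raising. The helper names, the sample name `host.example` and the registeredID `1.2.3` are constructed for illustration.

```ruby
require "openssl"

UPN_OID = "1.3.6.1.4.1.311.20.2.3" # otherName type-id for UPN, as given in the report

# GeneralName context tags (RFC 5280) whose content is returned as a string.
SIMPLE_TAGS = { 1 => :rfc822Name, 2 => :dNSName, 6 => :uniformResourceIdentifier }.freeze

# otherName is [0] IMPLICIT SEQUENCE { type-id OID, value [0] EXPLICIT ANY }.
def parse_other_name(gn)
  type_id, wrapped = gn.value
  inner = wrapped.value.first
  # Treat the payload as a UPN only when the type-id matches and it is a
  # UTF8String; any other otherName is reported by OID, never as an identity.
  if type_id.oid == UPN_OID && inner.is_a?(OpenSSL::ASN1::UTF8String)
    [:upn, inner.value]
  else
    [:otherName, type_id.oid]
  end
rescue NoMethodError, TypeError
  [:unsupported, 0] # malformed otherName: flag it, keep parsing the rest
end

# Decode the DER value of a subjectAltName extension into [type, value] pairs.
# Entries this example does not decode (directoryName included) come back as
# [:unsupported, tag] instead of raising, so the other names stay readable.
def parse_general_names(der)
  OpenSSL::ASN1.decode(der).value.map do |gn|
    next [:unsupported, gn.tag] unless gn.tag_class == :CONTEXT_SPECIFIC
    if gn.tag == 0
      parse_other_name(gn)
    elsif SIMPLE_TAGS.key?(gn.tag)
      [SIMPLE_TAGS[gn.tag], gn.value]
    else
      [:unsupported, gn.tag]
    end
  end
end

# Minimal TLV encoder for the constructed sample (lengths below 128 only).
def tlv(tag, body)
  [tag, body.bytesize].pack("CC") + body.b
end

# Constructed sample: UPN otherName, a dNSName, and a registeredID ([8]).
def sample_san_der
  oid = "\x2B\x06\x01\x04\x01\x82\x37\x14\x02\x03".b # DER body of UPN_OID
  upn = tlv(0xA0, tlv(0x06, oid) + tlv(0xA0, tlv(0x0C, "username@some.domain")))
  tlv(0x30, upn + tlv(0x82, "host.example") + tlv(0x88, "\x2A\x03".b))
end
```

Calling `parse_general_names(sample_san_der)` returns the UPN and dNSName entries and marks the registeredID as unsupported rather than aborting the whole parse.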