View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000062 | Main CAcert Website | certificate issuing | public | 2005-09-13 08:22 | 2013-01-13 15:10 |
Reporter | Sourcerer | Assigned To | duane | ||
Priority | high | Severity | block | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 2005 | ||||
Summary | 0000062: Interoperability between Symantec Web Security Server and CAcert | ||||
Description | Certificate requests from Symantec Web Security Server contain the attribute "unstructuredName" with the value "foo\x00" (\x00 stands for a binary zero byte). This wrong attribute leads to CAcert giving the error message "CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue." So we have two bugs here: one in the SWS software issuing a wrong attribute, badly encoded, and one in CAcert not being able to handle it. Both bugs must be fixed. | ||||
Additional Information | ASN1 Dump: 359:d=2 hl=2 l= 21 cns: cont [ 0 ] 361:d=3 hl=2 l= 19 cons: SEQUENCE 363:d=4 hl=2 l= 9 prim: OBJECT :unstructuredName 374:d=4 hl=2 l= 6 cons: SET 376:d=5 hl=2 l= 4 prim: IA5STRING :foo^@ 382:d=1 hl=2 l= 13 cons: SEQUENCE test.csr contains the problematic unstructuredName attribute. test4.csr contains a similar certificate that does not contain that attribute. | ||||
Tags | No tags attached. | ||||
Reviewed by | |||||
Test Instructions | |||||
2005-09-13 08:22
|
test.csr (790 bytes)
|
2005-09-13 08:24
|
test4.csr (762 bytes)
|
|
The Symantec Web Security software is version 3 for Win/NT. |
|
Ok, grep bails on the null:
echo $CSR|/usr/bin/openssl req -text -noout |grep "Subject:"
Binary file (standard input) matches
However the following fixes the situation:
|/usr/bin/openssl req -text -noout |tr -d "\0"|grep "Subject:" |
|
using |tr "\\0" in the command line fixes this problem. |
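The failure and the fix from the notes above, as an added example that is not part of the original issue or CAcert's code. It runs both pipelines over a constructed stand-in for `openssl req -text -noout` output and also counts the NUL bytes, so a malformed request can be logged instead of silently cleaned. The sample subject and the helper names `nul_count` and `extract_subject` are assumptions.

```shell
#!/bin/sh
# Constructed sample: roughly what `openssl req -text -noout` prints for a
# request whose unstructuredName is "foo" followed by a binary zero byte.
sample_req_text() {
    printf 'Certificate Request:\n    Data:\n'
    printf '        Subject: C=UK, O=Example Org, CN=example.test\n'
    printf '        Attributes:\n'
    printf '            unstructuredName         :foo\000\n'
}

# Pipeline from the report. GNU grep finds the NUL, classifies the whole
# stream as binary and prints a "Binary file ... matches" notice instead of
# the Subject line, so the caller ends up with no CommonName.
subject_naive() { grep "Subject:"; }

# Fix from the notes: delete NUL bytes before grep sees the stream.
# '\000' is the portable octal spelling of the "\0" used on the page.
subject_fixed() { tr -d '\000' | grep "Subject:"; }

# Count NUL bytes on stdin: keep only NULs, then count what is left.
nul_count() { tr -cd '\000' | wc -c | tr -d ' '; }

# Hypothetical wrapper: warn on stderr when the request text carries NULs,
# then print the subject DN without the "Subject:" label.
extract_subject() {
    tmp=$(mktemp) || return 2
    cat > "$tmp"                       # stdin is needed twice, so spool it
    n=$(nul_count < "$tmp")
    [ "$n" -eq 0 ] || echo "warning: $n NUL byte(s) in request text" >&2
    subject_fixed < "$tmp" | sed 's/^ *Subject: *//'
    rm -f "$tmp"
}

# Demo: the first line shows the failure mode, the second the repaired path.
sample_req_text | subject_naive || true
sample_req_text | extract_subject
```

Stripping the byte makes parsing work again; the warning keeps a record that the client sent a badly encoded attribute.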
Date Modified | Username | Field | Change |
---|---|---|---|
2005-09-13 08:22 | Sourcerer | New Issue | |
2005-09-13 08:22 | Sourcerer | File Added: test.csr | |
2005-09-13 08:24 | Sourcerer | File Added: test4.csr | |
2005-09-13 08:42 | Sourcerer | Note Added: 0000009 | |
2005-09-13 14:50 | duane | Note Added: 0000010 | |
2005-09-13 14:50 | duane | Assigned To | => duane |
2005-09-13 14:50 | duane | Status | new => @30@ |
2005-09-13 15:28 | duane | Status | @30@ => closed |
2005-09-13 15:28 | duane | Note Added: 0000011 | |
2005-09-13 15:28 | duane | Resolution | open => fixed |
2005-09-13 15:28 | duane | Fixed in Version | => production |
2013-01-13 15:10 | Werner Dworak | Fixed in Version | => 2005 |