View Issue Details

ID: 0000062
Project: Main CAcert Website
Category: certificate issuing
View Status: public
Last Update: 2013-01-13 15:10
Reporter: Sourcerer
Assigned To: duane
Priority: high
Severity: block
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 2005
Summary: 0000062: Interoperability between Symantec Web Security Server and CAcert
Description

Certificate requests from Symantec Web Security Server contain the attribute
"unstructuredName" with the value "foo\x00" (\x00 stands for a binary zero byte).

This wrong attribute leads to CAcert giving the error message "CommonName field was blank. This is usually caused by entering your own name when openssl prompt's you for 'YOUR NAME', or if you try to issue certificates for domains you haven't already verified, as such this process can't continue."

So we have two bugs here: One in the SWS software issuing a wrong attribute, badly encoded, and one in CAcert not being able to handle it. Both bugs must be fixed.

Additional Information

ASN1 Dump:
  359:d=2 hl=2 l= 21 cns: cont [ 0 ]
  361:d=3 hl=2 l= 19 cons: SEQUENCE
  363:d=4 hl=2 l= 9 prim: OBJECT :unstructuredName
  374:d=4 hl=2 l= 6 cons: SET
  376:d=5 hl=2 l= 4 prim: IA5STRING :foo^@
  382:d=1 hl=2 l= 13 cons: SEQUENCE

test.csr contains the problematic unstructuredName attribute.
test4.csr contains a similar certificate that does not contain that attribute.
Tags: No tags attached.

Activities

2005-09-13 08:22

 

test.csr (790 bytes)   

2005-09-13 08:24

 

test4.csr (762 bytes)   

Sourcerer

2005-09-13 08:42

administrator   ~0000009

The Symantec Web Security Software has the Version 3 for Win/NT.

duane

2005-09-13 14:50

developer   ~0000010

Ok grep bails on the null:

echo $CSR|/usr/bin/openssl req -text -noout |grep "Subject:"
Binary file (standard input) matches

However the following fixes the situation:

|/usr/bin/openssl req -text -noout |tr -d "\0"|grep "Subject:"

duane

2005-09-13 15:28

developer   ~0000011

using |tr "\\0" in the command line fixes this problem.
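
Added example, not part of the original notes or CAcert's code: the grep behaviour and the tr fix from the notes above, reproduced on a constructed sample shaped like `openssl req -text -noout` output. The function names and the sample subject are assumptions made for illustration; nul_count is an extra check that lets the caller log or reject a request instead of silently dropping the byte.

```shell
#!/bin/sh
# Constructed sample (not real openssl output): a Subject line followed by an
# unstructuredName attribute whose value ends in a NUL byte, as in this issue.
# Emitted with one printf so the reader sees both lines in a single write.
sample_req_text() {
    printf '        Subject: C=UK, CN=example.test\n            unstructuredName         :foo\000\n'
}

# Original pipeline stage. Reads request text on stdin.
# grep finds the NUL, treats the input as binary and reports only
# "binary file matches" instead of printing the Subject line.
subject_naive() {
    grep "Subject:" 2>&1
}

# Fix from the notes: delete NUL bytes before grep sees the text.
subject_stripped() {
    tr -d '\000' | grep "Subject:"
}

# Extra check (assumption, not in the notes): count NUL bytes on stdin so the
# caller can log or refuse the request rather than silently altering it.
nul_count() {
    tr -cd '\000' | wc -c | tr -d ' '
}

# Demo on the constructed sample.
echo "naive:    $(sample_req_text | subject_naive)"
echo "stripped: $(sample_req_text | subject_stripped)"
echo "NUL bytes in input: $(sample_req_text | nul_count)"
```

To run it against a real request, pipe the output of `openssl req -text -noout` into the functions instead of `sample_req_text`.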

Issue History

Date Modified | Username | Field | Change
2005-09-13 08:22 | Sourcerer | New Issue |
2005-09-13 08:22 | Sourcerer | File Added: test.csr |
2005-09-13 08:24 | Sourcerer | File Added: test4.csr |
2005-09-13 08:42 | Sourcerer | Note Added: 0000009 |
2005-09-13 14:50 | duane | Note Added: 0000010 |
2005-09-13 14:50 | duane | Assigned To | => duane
2005-09-13 14:50 | duane | Status | new => @30@
2005-09-13 15:28 | duane | Status | @30@ => closed
2005-09-13 15:28 | duane | Note Added: 0000011 |
2005-09-13 15:28 | duane | Resolution | open => fixed
2005-09-13 15:28 | duane | Fixed in Version | => production
2013-01-13 15:10 | Werner Dworak | Fixed in Version | => 2005