x509 certificate subject parsing fail #1568
Comments
Please review.
test-tls-peer-certificate.js and the certificate look fine. Though I didn't test it yet, because it strangely rejects with authorizationError: 'UNABLE_TO_GET_ISSUER_CERT' on my self-signed cert. 0.5 does self-signed certs differently than 0.4... I wonder why I didn't notice it before Oo
@koichik: LGTM. I like how it uses
@bnoordhuis - Thanks!
I have a similar problem. In my case the Subject Alternative Name gets stored as X509v3 Extension. Please take a look at this: http://groups.google.com/group/nodejs/browse_thread/thread/2d37000f449cc695 Maybe this is somehow related!?
@thomasfr: It's somewhat related. Can you open a new issue?
I think this #1286 will fix it. Will this be in 0.5.6 and in the 0.4 branch?
Depends. The subjectAltName patch still has some quirks. If they can be resolved in time, it'll land in 0.5.6. Back-porting to 0.4? Perhaps if the patch applies cleanly.
I want to use a client certificate containing a subjectAltName with a URI. But escaped slashes are incorrectly parsed by nodejs 0.4.10 and 0.5.5-pre. I need it for correct foaf+ssl handling.
I create such a certificate with the following command:
openssl req -x509 -key alice.pem -nodes -subj '/CN=alice/subjectAltName=uniformResourceIdentifier:http://localhost:8000/alice.foaf#me' -new > alice.crt
where there is a "subjectAltName=uniformResourceIdentifier:http://localhost:8000/alice.foaf#me" in the subject with escaped slashes. Browsers (FF6, Chromium) parse it correctly as "Subject Alternative Name 'uniformResourceIdentifier:http://localhost:8000/alice.foaf#me'". Creating an https.Server, it says
req.connection.getPeerCertificate().subject.subjectAltName == "uniformResourceIdentifier:http:"
I expect
req.connection.getPeerCertificate().subject.subjectAltName == "uniformResourceIdentifier:http://localhost:8000/alice.foaf#me"
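An added illustration of the failure mode reported above (not code from Node.js or from anyone in this thread): treating every `/` in a `/key=value` subject string as a field separator cuts a URI value off at `http:`, while a splitter that honors backslash-escaped slashes keeps it whole. The function names and both sample strings are constructed for this example, and it is an assumption that the subject reaches the parser in this one-line form.

```javascript
// Constructed samples, built from the subject in the report above.
const URI = 'http://localhost:8000/alice.foaf#me';
const PLAIN = '/CN=alice/subjectAltName=uniformResourceIdentifier:' + URI;
const ESCAPED = '/CN=alice/subjectAltName=uniformResourceIdentifier:' +
  URI.replace(/\//g, '\\/'); // each "/" inside the URI becomes "\/"

// Turn a list of "key=value" fields into an object, splitting on the first "=".
function toObject(fields) {
  const out = {};
  for (const f of fields) {
    const eq = f.indexOf('=');
    if (eq > 0) out[f.slice(0, eq)] = f.slice(eq + 1);
  }
  return out;
}

// Naive (hypothetical): every "/" separates fields, so a URI value is truncated.
function parseNaive(subject) {
  return toObject(subject.split('/'));
}

// Escape-aware (hypothetical): "\x" yields a literal x and never ends a field.
function parseEscaped(subject) {
  const fields = [];
  let cur = '';
  for (let i = 0; i < subject.length; i++) {
    const c = subject[i];
    if (c === '\\' && i + 1 < subject.length) {
      cur += subject[++i];      // keep the escaped character verbatim
    } else if (c === '/') {
      fields.push(cur);         // unescaped slash: field boundary
      cur = '';
    } else {
      cur += c;
    }
  }
  fields.push(cur);
  return toObject(fields);
}

console.log(parseNaive(PLAIN).subjectAltName);
console.log(parseEscaped(ESCAPED).subjectAltName);
```

Without escapes the one-line form is ambiguous, so `parseEscaped(PLAIN)` truncates the value just as the naive splitter does; the separator has to be escaped or chosen so that it cannot occur inside a value.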