Bug #51: Signing CSRs with requested extensions produces certificates with duplicate extension entries. - KDE Certification Authority Tool - Redmine

Actions

Copy link

Bug #51

closed

Signing CSRs with requested extensions produces certificates with duplicate extension entries.

Added by Felix Tiede almost 12 years ago. Updated almost 12 years ago.

Status:

Closed

Priority:

High

Assignee:

Felix Tiede

Target version:

0.1.8

Start date:

11/15/2013

Due date:

11/22/2013

% Done:

100%

Estimated time:

8:00 h

Spent time:

2:00 h

Description

CSRs may contain requested extensions which may or may not be included into the certificate on the signing CAs discretion. Currently if those requested extensions are included into the certificate the CA's extensions (which are also added but with different values) might generate duplicate extension entries.

For example if a CSR contains a requested extension "X509v3 Basic Constraints" with a value "CA:FALSE", upon signing a duplicate extension entry with the exact same name and value is included into the certificate.

Signing a request with a requested extension should either include the requested extension and ignore the CA's default extension with the same name or overwrite the requested extension with the CA's extension.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

KDE Certification Authority Tool

ICalendar

Bug #51

Signing CSRs with requested extensions produces certificates with duplicate extension entries.

Updated by Felix Tiede almost 12 years ago

Updated by Felix Tiede almost 12 years ago