perl-crypt-openssl-x509 icon indicating copy to clipboard operation
perl-crypt-openssl-x509 copied to clipboard

Published 20 hours ago verified publisher icon dsully

Draft: Fixes #116, Fixes #117 - revised patch and test certs from @tlhackque

Open timlegge opened this issue 1 year ago • 4 comments
trafficstars

Description

Fixes #116, Fixes #117 by revising patch from @tlhackque. Parses some extra fields from the SAN of certificates/

Fixes/addresses (If applicable) # (issue)

Fixes #116, Fixes #117

Type of change

Please delete options that are not relevant.

  • [X] Bug fix (non-breaking change which fixes an issue)
  • [X] New feature (non-breaking change which adds functionality)
  • [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • [X] This change requires a documentation update
  • [ ] This change is maintenance to infrastructure framework or build system

Checklist

  • [X] My code follows the style guidelines of this project
  • [X] I have performed a self-review of my own code
  • [X] I have commented my code, particularly in hard-to-understand areas
  • [ ] I have made corresponding changes to the documentation
  • [X] My changes generate no new warnings
  • [ ] I have added tests that prove my fix is effective or that my feature works
  • [ ] New and existing unit tests pass locally with my changes
  • [ ] Any dependent changes have been merged and published in downstream modules
  • [ ] Changes have been manually tested (please provide information on test platform using the fields below)

Test / Development Platform Information

  • Operating system and version Ubuntu 24.04
  • Crypt::OpenSSL::X509 version 1.915
  • Perl version 5.38.2
  • OpenSSL version 3.0.13

Please see the issue template for a more information on provided the requested information.

timlegge avatar May 19 '24 02:05 timlegge

You have replaced the iPAddress binary value with the text.

I had code that dealt with the binary, don't know if anyone else did. That's why I added the text as an alternate key rather than replace the binary.

I can change my code easily enough, but that's a breaking change for anyone else...

tlhackque avatar May 19 '24 02:05 tlhackque

You have replaced the iPAddress binary value with the text.

I had code that dealt with the binary, don't know if anyone else did. That's why I added the text as an alternate key rather than replace the binary.

I can change my code easily enough, but that's a breaking change for anyone else...

That is a good point - however I believe its the best long term approach but @jonasbn would need to approve/merge. I suppose an as_text function might be an option too

timlegge avatar May 19 '24 02:05 timlegge

@jonasbn I had some free time and thought I would take a look. I would want to review the sprintfs and unpacks again before thinking about merging.

Also @tlhackque makes a couple of good points about the choices I made which could break people who were dealing with the binary in their own code.

timlegge avatar May 19 '24 02:05 timlegge

The sprintfs and unpacks are the same as what I used in Crypt::PKCS10 (quite a while ago).

tlhackque avatar May 19 '24 02:05 tlhackque