Is Botan::AlternativeName othername decoding broken?

Open QuickListTech opened this issue 3 years ago • 1 comments

Hi, I'm developing an application based on Botan 2 (using 2.19 right now) for PKI and I'm playing around with adding OIDs as OtherName for SAN.

I'm referring to code from asn1_alt_name.cpp here on line 205.

 if(obj.is_a(0, CONTEXT_SPECIFIC))

With SAN OtherName specified inside a CSR, it's not being included in the certificate generated. Changing the class tag CONTEXT_SPECIFIC to PRIVATE fixes the problem.

Here is a snippet from asn1print after change:

    d= 4, l= 123: SEQUENCE
    d= 5, l= 3: OBJECT X509v3.SubjectAlternativeName [2.5.29.17]
    d= 5, l= 116: OCTET STRING
    d= 6, l= 114: SEQUENCE
    d= 7, l= 20: [1] context 81146A616E64612E7065747240676D61696C2E636F6D
    d= 7, l= 43: cons [0] context
    d= 8, l= 8: OBJECT PKIX.XMPPAddr [1.3.6.1.5.5.7.8.5]
    d= 8, l= 31: cons [0] context
    d= 9, l= 29: UTF8 STRING [email protected]
    d= 7, l= 45: cons [0] context
    d= 8, l= 3: OBJECT 2.5.4.32
    d= 8, l= 38: cons [0] context
    d= 9, l= 36: UTF8 STRING 7bb4b9bb-9ca2-498e-879d-683afc50b314


However I'm not sure if changing the class tag is the correct thing to do. Maybe I'm missing something else.

Could somebody elaborate?

Thank you,
Petr

QuickListTech, Jun 16 '22 07:06

I also had a look in the current -master, and the PRIVATE asn1 class has been renamed to ExplicitContextSpecific.

    enum class ASN1_Class : uint32_t {
       Universal = 0b0000'0000,
       Application = 0b0100'0000,
       ContextSpecific = 0b1000'0000,
       Private = 0b1100'0000,

       Constructed = 0b0010'0000,
       ExplicitContextSpecific = Constructed | ContextSpecific,

       NoObject = 0xFF00
    };

QuickListTech, Jun 16 '22 09:06
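
An added example, not part of the thread and not Botan's code: it decodes the DER identifier octets of the third SAN entry from the asn1print output above and shows why a `cons [0] context` element (identifier octet 0xA0) matches `ExplicitContextSpecific` but not `ContextSpecific` alone. The flag values are copied from the enum quoted above; `Header`, `read_header`, `is_a` and `sample_other_name` are hypothetical names, the exact-match comparison in `is_a` is an assumption about how the check behaves, and the sample bytes are constructed from the dump.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Flag values copied from the ASN1_Class enum quoted in the thread.
constexpr uint32_t ContextSpecific = 0b1000'0000;
constexpr uint32_t Constructed = 0b0010'0000;
constexpr uint32_t ExplicitContextSpecific = Constructed | ContextSpecific;

struct Header {
   uint32_t class_flags;  // class bits plus the constructed bit (mask 0xE0)
   uint32_t tag;          // tag number, low-tag-number form only (< 31)
   size_t length;         // content length in bytes
   size_t header_len;     // bytes used by the identifier and length octets
};

// Decode one DER header (X.690 8.1.2 and 8.1.3). Hypothetical helper, not Botan API.
// Rejects truncated input, high-tag-number form, and indefinite or oversized lengths.
bool read_header(const std::vector<uint8_t>& der, size_t off, Header& out) {
   if(off + 2 > der.size()) return false;
   const uint8_t id = der[off];
   if((id & 0x1F) == 0x1F) return false;
   out.class_flags = id & 0xE0;
   out.tag = id & 0x1F;
   size_t pos = off + 1;
   const uint8_t first = der[pos++];
   if(first < 0x80) {
      out.length = first;
   } else {
      const size_t n = first & 0x7F;
      if(n == 0 || n > sizeof(size_t) || pos + n > der.size()) return false;
      out.length = 0;
      for(size_t i = 0; i < n; ++i) out.length = (out.length << 8) | der[pos++];
   }
   out.header_len = pos - off;
   return out.length <= der.size() - pos;
}

// Assumed semantics: exact match on both the tag number and the class flags.
bool is_a(const Header& h, uint32_t tag, uint32_t class_flags) {
   return h.tag == tag && h.class_flags == class_flags;
}

// Constructed sample: otherName with type-id 2.5.4.32 and a 36-character UTF8String.
std::vector<uint8_t> sample_other_name() {
   std::vector<uint8_t> der = {0xA0, 0x2D, 0x06, 0x03, 0x55, 0x04, 0x20, 0xA0, 0x26, 0x0C, 0x24};
   const std::string v = "7bb4b9bb-9ca2-498e-879d-683afc50b314";
   der.insert(der.end(), v.begin(), v.end());
   return der;
}
```

The lengths decoded from the sample (45, 3, 38, 36) line up with the `l=` values in the dump, and a primitive `[0]` (identifier octet 0x80) is the case that matches `ContextSpecific` on its own.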