wolfssl
Validate subjAltName for uuid and similar URNs
Description
An attempt to improve validation of subjAltName to allow UUID (RFC 4122) and URNs for device identifiers (RFC 9039) in subjAltName field, but still ensuring the URN is not relative. For #5963.
Testing
Tested
- loading custom certificate with a UUID in the subjAltName
- all tests in testsuite project pass.
It would be good to add another test to the testsuite with a certificate that uses, for example, a UUID in the subjAltName. Could someone generate a suitable certificate that fits the bill please? Then I could add the test. I don't want to put our own certificates in the repo!
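The rule the description refers to comes from RFC 5280 section 4.2.1.6: a subjAltName URI must not be relative and must carry both a scheme and a scheme-specific part. The sketch below is an added example, not code from this PR or from wolfSSL; `san_uri_is_absolute` is a hypothetical helper, the sample values are constructed, and the authority check only requires a non-empty host rather than a full FQDN/IP validation.

```c
#include <stddef.h>
#include <string.h>

static int is_alpha(unsigned char c) { return (c | 0x20) >= 'a' && (c | 0x20) <= 'z'; }
static int is_digit(unsigned char c) { return c >= '0' && c <= '9'; }

/* Hypothetical helper (not a wolfSSL API). Returns 1 when the len-byte
 * subjAltName URI value is absolute: "scheme:" followed by a non-empty
 * scheme-specific part and, if an authority ("//") is present, a non-empty
 * one. Returns 0 for relative references and malformed input. */
int san_uri_is_absolute(const char *uri, size_t len)
{
    size_t i, j;

    if (uri == NULL || len == 0 || !is_alpha((unsigned char)uri[0]))
        return 0;                    /* scheme must start with a letter */

    /* scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )   (RFC 3986) */
    for (i = 1; i < len && uri[i] != ':'; i++) {
        unsigned char c = (unsigned char)uri[i];
        if (!is_alpha(c) && !is_digit(c) && c != '+' && c != '-' && c != '.')
            return 0;                /* '/', '?', '#' before ':' => relative */
    }
    if (i + 1 >= len)
        return 0;                    /* no ':' at all, or nothing after it */
    i++;                             /* first byte after "scheme:" */

    /* The value is length-delimited in DER, so reject embedded NULs,
     * control bytes and spaces instead of trusting strlen(). */
    for (j = i; j < len; j++)
        if ((unsigned char)uri[j] <= 0x20 || uri[j] == 0x7f)
            return 0;

    /* URL form: "//" must be followed by a non-empty authority. */
    if (len - i >= 2 && uri[i] == '/' && uri[i + 1] == '/') {
        j = i + 2;
        if (j == len || uri[j] == '/' || uri[j] == '?' || uri[j] == '#')
            return 0;
    }
    return 1;                        /* URN form (urn:uuid:, urn:dev:) or URL */
}

int main(void)
{
    const char *san = "urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6"; /* constructed sample */
    return san_uri_is_absolute(san, strlen(san)) ? 0 : 1;
}
```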
Can one of the admins verify this patch?
Hi @PaulMartinsen,
Thanks for the bug report and PR. We do require a signed contributor agreement on file for us to accept external contributions. If you are interested, please reach out to us at support [at] wolfssl [dot] com for a copy of our contributor agreement.
Hello @PaulMartinsen,
Thank you for your contribution. I have had a separate customer request for absolute URN support, and I need it in our upcoming release, so I've integrated your fix into my PR here: https://github.com/wolfSSL/wolfssl/pull/6181 Please let me know if you have any feedback in my PR.
Thanks, Kareem
Hi @kareem-wolfssl; I don't see any issues. Will be good to get this incorporated.
Hello @PaulMartinsen -
It looks like this was a good and approved update, but there's currently a conflict with wolfcrypt/src/asn.c.
Would you like to resolve the commit conflict?
Hi @gojimmypi, it sounds like @kareem-wolfssl added these changes to #PR6181, which has already been merged. So I think this one might be orphaned? Is that right @kareem-wolfssl?
@PaulMartinsen getting back to some of the lingering pull requests. You're right that the other pull request from Kareem addressed the same issue that this one did. Closing this out in favor of the already merged one. Thanks again for opening this and feel free to reach out with any issues or code changes in the future.