When I try to have a certificate signed with a subject name like:
""ValueWith/Inside""
or
""ValueWith=Inside""
the GDS Server signing fails:
I call it like so:
var certificateRequest = PushClient.CreateSigningRequest(certGroup, appCertType, subjectName, regeneratePrivateKey, nonce);
var requestId = GdsClient.StartSigningRequest(appId, null, null, certificateRequest);
var certificate = GdsClient.FinishRequest(appId, requestId, out byte[] privateKey, out byte[][] issuerCertificates);
I read in the spec that this is the correct way to provide a value that contains a '/' or a '=' - please correct me if I maybe misread it:
"If the value contains a ‘/’ or a ‘=’ then it shall be enclosed in double quotes (‘”’)." https://reference.opcfoundation.org/GDS/v105/docs/7.9.4
@romanett, just note that per the spec, the CertificateManager may ignore the subject passed to it in StartNewKeyPairRequest or StartSigningRequest (and I have seen it happen). For this reason, a Server that does not support changing the subject name in this way won't be interoperable, I think.
In the ConfigurationNode Manager we do exactly this and ignore the provided Subject Name to keep the running server consistent with the Name specified in the xml configuration.
The GDS does of course allow applications to specify their subject name.
To me it seems we are missing a parsing step in the X509Utils.ParseDistinguishedName.
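A quote-aware split of the subject name, as an added example that is not part of the thread and not the UA-.NETStandard `X509Utils` code. It assumes the '/'-separated `name=value` form from the linked section of the spec; the class name `QuotedSubjectName` and the sample subjects are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Hypothetical helper, not the UA-.NETStandard X509Utils implementation.
public static class QuotedSubjectName
{
    // Splits "CN=.../O=..." into (name, value) pairs. A '/' or '=' inside
    // double quotes belongs to the value; outside quotes it is a delimiter.
    public static List<KeyValuePair<string, string>> Parse(string subject)
    {
        var fields = new List<KeyValuePair<string, string>>();
        var token = new StringBuilder();
        string name = null;
        bool inQuotes = false;

        foreach (char c in subject + "/")   // trailing '/' flushes the last field
        {
            if (c == '"') { inQuotes = !inQuotes; continue; }
            if (inQuotes) { token.Append(c); continue; }
            if (c == '=')
            {
                // A second unquoted '=' would make the field ambiguous: reject it.
                if (name != null) throw new FormatException("Unquoted '=' in value of " + name);
                name = token.ToString().Trim();
                token.Clear();
            }
            else if (c == '/')
            {
                if (name == null && token.Length == 0) continue; // leading or doubled '/'
                if (string.IsNullOrEmpty(name))
                    throw new FormatException("Field without a name: " + token);
                fields.Add(new KeyValuePair<string, string>(name, token.ToString()));
                name = null;
                token.Clear();
            }
            else token.Append(c);
        }
        if (inQuotes) throw new FormatException("Unterminated double quote.");
        return fields;
    }

    public static void Main()
    {
        // Constructed sample subject names.
        foreach (var s in new[] { "CN=\"ValueWith/Inside\"/O=Example", "CN=\"ValueWith=Inside\"" })
            foreach (var f in Parse(s))
                Console.WriteLine(f.Key + " -> " + f.Value);
    }
}
```

Rejecting an unquoted '=' or an unterminated quote, rather than guessing, keeps a malformed request from being issued under a subject the applicant did not ask for.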
Type of issue
Expected Behavior
works fine, certificate is signed.
Steps To Reproduce
No response
Environment
Anything else?
No response