Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6614

Allow PKCS#10 challengePassword encoded as IA5String

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.12.0
    • Component/s: None
    • Labels:
      None
    • Issue discovered during:
      Customer
    • Sprint:
      EJBCA Sprint 8

      Description

      Some versions of openssl seem to encode some challengePasswords in P10 requests as Ia5String. This is in violation to the standard, but it's rather easy to handle nevertheless.

      According to RFC2985 it should be a DirectoryString (PrintableString or UTF-8, but it should not be an IA5String. https://tools.ietf.org/html/rfc2985
      5.4.1 Challenge password

      The challengePassword attribute type specifies a password by which an
      entity may request certificate revocation. The interpretation of
      challenge passwords is intended to be specified by certificate
      issuers etc; no particular interpretation is required.

      challengePassword ATTRIBUTE ::= {
      WITH SYNTAX DirectoryString

      {pkcs-9-ub-challengePassword}

      EQUALITY MATCHING RULE caseExactMatch
      SINGLE VALUE TRUE
      ID pkcs-9-at-challengePassword
      }

      A challenge-password attribute must have a single attribute value.

      ChallengePassword attribute values generated in accordance with this
      version of this document SHOULD use the PrintableString encoding
      whenever possible. If internationalization issues make this
      impossible, the UTF8String alternative SHOULD be used. PKCS #9-
      attribute processing systems MUST be able to recognize and process
      all string types in DirectoryString values.

        Attachments

          Activity

            People

            • Assignee:
              tomas Tomas Gustavsson
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Mike Agrenius Kushner
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: