Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6768

DirectoryName in CMP (RA mode) requests doesn't work

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.13.0
    • Component/s: None
    • Labels:
    • Issue discovered during:
      Customer
    • Sprint:
      EJBCA Sprint 11 (2 weeks), EJBCA Sprint 12 (2 weeks)

      Description

      If I send a CMP request in CMP RA mode with the requestAltName;

      directoryName=CN=tomas,C=SE,rfc822Name=tomas@primekey.se

      It will fail with the error in the linked issue.

      The reason is that the altName from the CMP Request is plucked out as a string (as above), and the altName parsing during EE profile validation then tries to figure out what altName "CN" and "C" is because they have non-escaped = signs.

       

      A proper (usable) altName String would (probably) look like:

      directoryName=CN\=tomas,C\=SE,rfc822Name=tomas@primekey.se

      This issue is named as regression because before we added support for DirectoryName in CertTools.getGeneralNameString() this request worked with "allow altname override", but now it does not work.

       

      See linked issue for details.

        Attachments

          Activity

            People

            • Assignee:
              amin Amin Khorsandi
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Samuel Lidén Borell
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 3 days
                3d
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 3 days
                3d