rpstir2 accepts unknown critical extensions to the CA certificate #17

Open
Koenvh1 opened this issue Feb 8, 2022 · 1 comment

Koenvh1 commented Feb 8, 2022

According to https://datatracker.ietf.org/doc/html/rfc6487#section-4.8:

> A certificate-using system MUST reject the certificate if it encounters a critical extension it does not recognize

However, based on testing with a yet unassigned critical OID, it seems like rpstir2 does in fact accept certificates when there are unknown critical extensions. I do not expect this to have any security impact, but it is part of the specs.

Contributor

cpusoft commented Feb 18, 2022

Thanks.

The critical extension has been checked more carefully in the new version, and the results will be printed in the log and stored in the database.
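
One way to implement the RFC 6487 section 4.8 check discussed in this issue, as an added example (not rpstir2's own code). The function names, the all-zero test key and the constructed certificate with an extension under the 2.999 example OID arc are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Extension OIDs that RFC 6487 section 4.8 defines for resource certificates.
var rfc6487Extensions = map[string]bool{
	"2.5.29.19": true, "2.5.29.14": true, "2.5.29.35": true, // basicConstraints, SKI, AKI
	"2.5.29.15": true, "2.5.29.37": true, "2.5.29.31": true, // keyUsage, EKU, CRLDP
	"2.5.29.32": true, "1.3.6.1.5.5.7.1.1": true, "1.3.6.1.5.5.7.1.11": true, // policies, AIA, SIA
	"1.3.6.1.5.5.7.1.7": true, "1.3.6.1.5.5.7.1.8": true, // IP and AS resources
}

// unknownCritical lists critical extension OIDs outside that set; any hit means "reject".
func unknownCritical(der []byte) (bad []string, err error) {
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	for _, ext := range cert.Extensions {
		if ext.Critical && !rfc6487Extensions[ext.Id.String()] {
			bad = append(bad, ext.Id.String())
		}
	}
	return bad, nil
}

// sampleDER builds a constructed self-signed CA certificate (all-zero test key)
// with one extension under the 2.999 example arc (hypothetical OID), critical or not.
func sampleDER(critical bool) ([]byte, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-ca"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
		ExtraExtensions: []pkix.Extension{{Id: asn1.ObjectIdentifier{2, 999, 1}, Critical: critical, Value: []byte{5, 0}}}}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, priv.Public(), priv)
}

func main() {
	if der, err := sampleDER(true); err == nil {
		fmt.Println(unknownCritical(der))
	}
}
```

The same unknown extension marked non-critical passes the check, which matches the RFC text: only critical extensions that are not recognized force rejection.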
