The Subject Alternative Name can be the following, according to the RFC:
RFC822 Name = email ID
DNS Name = DNS name
When you have an email ID in the certificate, the MITM proxy fails to create the tunnel due to an exception raised in the SubjectAlternativeNameHolder.parseGeneralName(List<?> nameEntry) method. From my analysis, we should call this method to check only for a valid DNS name. The validation we do should be limited to RFC-compliant values, and we should ignore the email IDs and consider only DNS names.
The easy fix is to remove the exception and, in SubjectAlternativeNameHolder.add(Collection<List<?>> subjectAlternativeNames), check for a valid DNS name before calling the parseGeneralName() method. Looking at the code, that should be sufficient without any other changes. Please review.
This is a bug. A valid SAN has a GeneralName which contains more than DNS name and IP address. The valid range is 0..8. I'll fix this.
And I'm wondering if an exception is the right choice at this point. Simply ignoring an invalid value could be better here.
Refer to http://www.pkiglobe.org/subject_alt_name.html for additional information.
This problem was encountered in a couple of our servers that have an RFC822 Name in the SAN.
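Added example, not part of the issue thread or the project's code: one way to skip non-host SAN entries instead of throwing, working on the `Collection<List<?>>` shape that `X509Certificate.getSubjectAlternativeNames()` returns. The class name `SanFilterExample`, the method `hostNames` and the sample entries are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

// Hypothetical helper for illustration; not the project's SubjectAlternativeNameHolder.
public class SanFilterExample {
    // GeneralName type tags (valid range 0..8). Index 0 of each SAN entry holds the tag.
    static final int RFC822_NAME = 1;
    static final int DNS_NAME = 2;
    static final int IP_ADDRESS = 7;

    /** Returns only DNS and IP entries; every other GeneralName type is ignored. */
    static List<String> hostNames(Collection<List<?>> sans) {
        List<String> result = new ArrayList<>();
        if (sans == null) {
            // getSubjectAlternativeNames() returns null when the extension is absent.
            return result;
        }
        for (List<?> entry : sans) {
            if (entry == null || entry.size() < 2 || !(entry.get(0) instanceof Integer)) {
                continue; // malformed entry: skip it rather than abort the handshake
            }
            int tag = (Integer) entry.get(0);
            Object value = entry.get(1);
            // Some types (e.g. otherName, tag 0) arrive as DER-encoded byte[], so
            // require a String value before using the entry as a host name.
            if ((tag == DNS_NAME || tag == IP_ADDRESS) && value instanceof String) {
                result.add((String) value);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample entries mirroring a certificate with mixed SAN types.
        Collection<List<?>> sans = new ArrayList<>();
        sans.add(Arrays.<Object>asList(RFC822_NAME, "admin@example.test"));
        sans.add(Arrays.<Object>asList(DNS_NAME, "www.example.test"));
        sans.add(Arrays.<Object>asList(IP_ADDRESS, "192.0.2.10"));
        sans.add(Arrays.<Object>asList(0, new byte[] {0x30, 0x00}));
        System.out.println(hostNames(sans));
    }
}
```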