Closed
Bug 1268225
Opened 8 years ago
Closed 8 years ago
entrust: Invalid Teletext strings
Categories
(CA Program :: CA Certificate Root Program, task)
CA Program
CA Certificate Root Program
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kurt, Assigned: bruce.morton)
References
Details
There are various certificate with an invalid TeletexString / T61String. An example is: https://crt.sh/?id=17130928&opt=cablint The organisationName contains the following (hex) bytes: 56 E4 65 73 74 F6 72 65 6B 69 73 74 65 72 69 6B 65 73 6B 75 73, which should probably represent "Väestörekisterikeskus", but it's not valid. X.690 only sets defaults for G0, C0 and C1. It does not set any value for G1, so using any GR code (E4) without first selecting G1 is clearly wrong. There seem to be an assumption that 103 might be the default registration number, but that's not in any standard. Also, in 103, character 6/4 (E4) is not mapped to the 'ä'. In fact, in none of the allowed registration numbers by X.680 6/4 maps to an 'ä'. On the other hand, latin1 (ISO/IEC 8859-1) does map the character at that place. You can't just put a latin1 string in a TeletexString. Also, https://tools.ietf.org/html/rfc5280#section-4.1.2.4 says: CAs conforming to this profile MUST use either the PrintableString or UTF8String encoding of DirectoryString, with two exceptions. I don't think any of the exceptions apply.
Reporter | ||
Updated•8 years ago
|
Blocks: BR-Compliance
Comment 1•8 years ago
|
||
Hi Bruce and Jay, Please resolve the issues listed in this bug, and update the bug with progress.
Assignee: kwilson → bruce.morton
Assignee | ||
Comment 2•8 years ago
|
||
Hi Kurt/Kathleen, We are aware of this bug, do have a fix and are currently testing. Will provide update when the fix has been deployed. Thanks, Bruce.
Assignee | ||
Comment 3•8 years ago
|
||
The fix was implemented last week and this issue is not indicated by cablint at https://crt.sh/?cablint=1+week. Thanks, Bruce.
Comment 4•8 years ago
|
||
Kurt, May we close as fixed?
Reporter | ||
Comment 5•8 years ago
|
||
Yes.
Updated•8 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Updated•7 years ago
|
Product: mozilla.org → NSS
Updated•1 year ago
|
Product: NSS → CA Program
You need to log in
before you can comment on or make changes to this bug.
Description
•