Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
11.3.0
-
None
Description
Since MDEV-31855 ephemeral certificates can be issued by server.
Issue is DN is empty, and that isn't permitted according to rfc5280
The issuer field identifies the entity that has signed and issued the
certificate. The issuer field MUST contain a non-empty distinguished
name (DN).
Another problem is that java doesn't permit empty DN in certificates. Resulting certificat parsing throw error :
Caused by: java.security.cert.CertificateParsingException: Empty issuer DN not allowed in X509Certificates
|
at java.base/sun.security.x509.X509CertInfo.parse(X509CertInfo.java:656) |
at java.base/sun.security.x509.X509CertInfo.<init>(X509CertInfo.java:169) |
at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1819) |
Attachments
Issue Links
- is caused by
-
MDEV-31856 use ephemeral ssl certificates
-
- Closed
-
- relates to
-
-
- Closed
-