[Freeipa-devel] [PATCH] 0036 Fix KRB5PrincipalName / UPN SAN comparison

Martin Babinsky mbabinsk at redhat.com
Tue Aug 11 13:31:50 UTC 2015


On 08/11/2015 03:23 PM, Fraser Tweedale wrote:
> On Sun, Aug 09, 2015 at 08:03:47PM +1000, Fraser Tweedale wrote:
>> The attached patch fixes a bug in KRB5PrincipalName / UPN SAN
>> validation.
>>
>> Thanks,
>> Fraser
>
> For testing this, the following `openssl req' config will serve as a
> starting point; customise the names / realm as appropriate.
>
> [ req ]
> prompt = no
> encrypt_key = no
>
> distinguished_name = dn
> req_extensions = exts
>
> [ dn ]
> commonName = "alice"
>
> [ exts ]
> subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:krb5principal
>
> [ krb5principal ]
> realm = EXPLICIT:0,GeneralString:IPA.LOCAL
> principalname = EXPLICIT:1,SEQUENCE:principalname
>
> [ principalname ]
> nametype = EXPLICIT:0,INT:0
> namestring = EXPLICIT:1,SEQUENCE:namestring
>
> [ namestring ]
> part1 = GeneralString:alice
>

Thanks for the help, I'm an ASN.1 n00b.

ACK.

-- 
Martin^3 Babinsky
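
The config quoted above asks `openssl req` to encode a KRB5PrincipalName (RFC 4556) inside an otherName SAN with OID 1.3.6.1.5.2.2. As an added example (not part of the original thread and not FreeIPA's code), this sketch decodes such a value into the `name@REALM` string a validator would compare against the requesting principal. The helper names are hypothetical and the sample bytes are constructed to mirror the config.

```python
# Added example: minimal DER reader for KRB5PrincipalName; names are hypothetical.

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, want_tag, pos=0):  # read one TLV and insist on its tag
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected tag {want_tag:#x}, got {tag:#x}")
    return value, nxt

def parse_krb5_principal_name(der):
    """Decode the otherName value to (realm, name_type, components)."""
    seq, end = expect(der, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after KRB5PrincipalName")
    wrapped, pos = expect(seq, 0xA0)           # realm [0] EXPLICIT
    realm, _ = expect(wrapped, 0x1B)           # GeneralString
    wrapped, _ = expect(seq, 0xA1, pos)        # principalName [1] EXPLICIT
    pname, _ = expect(wrapped, 0x30)
    wrapped, pos = expect(pname, 0xA0)         # name-type [0] EXPLICIT
    ntype, _ = expect(wrapped, 0x02)           # INTEGER
    wrapped, _ = expect(pname, 0xA1, pos)      # name-string [1] EXPLICIT
    names, _ = expect(wrapped, 0x30)           # SEQUENCE OF GeneralString
    parts, pos = [], 0
    while pos < len(names):
        part, pos = expect(names, 0x1B, pos)
        parts.append(part.decode("ascii"))
    return realm.decode("ascii"), int.from_bytes(ntype, "big", signed=True), parts

def principal_string(der):
    """Render components joined by "/" plus "@REALM" for comparison."""
    realm, _, parts = parse_krb5_principal_name(der)
    return "/".join(parts) + "@" + realm

def tlv(tag, body):  # encoder for the constructed sample (short lengths only)
    return bytes([tag, len(body)]) + body

# Constructed sample mirroring the config: realm IPA.LOCAL, name-type 0, "alice".
PNAME = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x00")) + tlv(0xA1, tlv(0x30, tlv(0x1B, b"alice"))))
SAMPLE = tlv(0x30, tlv(0xA0, tlv(0x1B, b"IPA.LOCAL")) + tlv(0xA1, PNAME))
```
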



