Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport 2.1: Add support for alternative CSR headers/footers #2265

Closed
wants to merge 4 commits into from
Closed

Backport 2.1: Add support for alternative CSR headers/footers #2265

wants to merge 4 commits into from

Conversation

redtangent
Copy link
Contributor

Description

This is a backport of PR #2040.

Adds support for alternative CSR headers, as defined by RFC7468. Microsoft uses alternative footers/headers for CSR's that contain the text 'BEGIN NEW CERTIFICATE REQUEST' instead of 'BEGIN CERTIFICATE REQUEST'. This PR adds support for those CSRs.

This is an enhancement in the sense that it supports more tools, but it's also a fix for an interoperability problem. The fix comes at no cost to the API, so I think it should be backported. I'll do that once this PR is approved.

This PR fixes #767.

Status

READY

Todos

  • Tests
  • Documentation
  • Changelog updated
  • Backported

@redtangent
Add support for alternative CSR headers
e442de5 
Add support for RFC7468, and the alternative Microsoft footer/headers for CSR's
that contain the text 'BEGIN NEW CERTIFICATE REQUEST' instead of
'BEGIN CERTIFICATE REQUEST'.
@redtangent
Add Changelog entry for Mbed-TLS#767
f0737ae 
Add Changelog entry for fix for alternative header/footers in CSR's.
@redtangent
Add additional test case for alternative CSR headers
c701af3 
Add a test case for alternative headers possible for CSR's, as defined in
RFC7468.
@redtangent
Fix CSR parsing header call
f488c2e 
Change the secondary X509 CSR parsing call for the alternative MS header to only
occur if the first call fails due to the header being unfound, instead of any
call.
@RonEld RonEld added bug CLA not applicable needs-review Every commit must be reviewed by at least two team members, component-x509 labels Dec 9, 2018
@simonbutcher
Copy link
Contributor

Mbed TLS 2.1 is now End of Life, as has been announced.

Unfortunately that means no further releases of Mbed TLS 2.1 will be made, so this PR will not be merged, and is closed now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hanno-becker hanno-becker Awaiting requested review from hanno-becker

@AndrzejKurek AndrzejKurek Awaiting requested review from AndrzejKurek

Assignees
No one assigned
Labels
bug component-x509 needs-review Every commit must be reviewed by at least two team members,
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@redtangent @simonbutcher @RonEld