Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
2.37.0
-
None
Description
The DN format for cert properties is an exact match string. This can lead to tricky dependency on the security provider and implementation.
In addition if a properties file is generated from code, it needs to use a matching java tool.
the DN string format and parsing is defined, so there is no reason we cannot parse and normalise the values, rather than just treating them as plain strings.
the proposal is to add a normalise option, that will parse and format any DN into the local java x500Name such that it will match what is extracted from the certificate. This allows spaces and quotes and escapes to be respected (and ignored) as necessary.
it will remove the ambiguity around DN names. However because this validation would potentially flag existing config, it is not enabled by default.
Attachments
Issue Links
- links to
