Uploaded image for project: 'Kudu'
  1. Kudu
  2. KUDU-2220

GetEndOfChainX509 does not return end-user cert

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.5.0
    • Fix Version/s: 1.6.0
    • Component/s: security
    • Labels:
      None

      Description

      KUDU-2091 introduced a function GetEndOfChainX509() which was supposed to return the "end-user" certificate. However, the end-user certificate is not at the end of the chain, but rather at the beginning of the chain as specificed by the RFC:

      https://tools.ietf.org/html/rfc5246#section-7.4.2

      This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sailesh Sailesh Mukil
                Reporter:
                sailesh Sailesh Mukil
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: