Bug 1548401 - modify X509_NAME comparison function to be case sensitive for CA name lists in SSL
Summary: modify X509_NAME comparison function to be case sensitive for CA name lists i...
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: openssl
Version: 7.6
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Tomas Mraz
QA Contact: Hubert Kario
Depends On:
Blocks: 1477664 1493181 1573736
TreeView+ depends on / blocked
Reported: 2018-02-23 12:21 UTC by Joe Orton
Modified: 2018-10-30 11:25 UTC (History)
3 users (show)

Fixed In Version: openssl-1.0.2k-13.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-10-30 11:24:02 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:3221 None None None 2018-10-30 11:25:57 UTC

Description Joe Orton 2018-02-23 12:21:40 UTC
Description of problem:
Per bug 1493181, the OpenSSL internal X509_NAME comparison function for SSL_* is case insensitive; this prevents adding CA names which differ in case.  An example of public deployment of such CA names is known.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. create cert bundle with cert subject names which differ only in case
2. call SSL_load_client_CA_file() on that bundle 

Actual results:
certs differing in case in subject are treated as duplicates and one is ignored

Expected results:
both certs differing in case in subject name added to X509_NAME stack

Additional info:

Comment 11 errata-xmlrpc 2018-10-30 11:24:02 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.