Page MenuHome GnuPG
Create Task
Maniphest T7171

Allow for empty Subject in X.509
Closed, ResolvedPublic
Actions

Description

RFC-5280 has somewhat complicated rules on whether the Subject may be empty. On gnupg-users a problem was described with a Sectigo issued certificate. This is the first cert I have seen with empty Subject and critical marked altSubjectName. This is valid but not supported by LibKSBA.

We need to properly parse such a cert and make sure that gpgsm can work with it.

Revisions and Commits

rK libksba
rKf2e2f320c9de Allow for an empty Subject in certs.
rG GnuPG
rGe57a2e65d93f gpgsm: Just print a note for an empty subject during import.
rGe7a9bd320561 gpgsm: Just print a note for an empty subject during import.
rG3765b42383bb sm: Emit user IDs in colon mode even if the Subject is empty.
rG1067e544c29d sm: Emit user IDs in colon mode even if the Subject is empty.

Related Objects
Search...

Event Timeline

werner triaged this task as Normal priority.Jun 20 2024, 3:12 PM
werner created this task.
werner renamed this task from Allow for empty Subject in X.508 to Allow for empty Subject in X.509.Jun 20 2024, 3:27 PM
werner added a commit: rG1067e544c29d: sm: Emit user IDs in colon mode even if the Subject is empty..Jun 21 2024, 10:21 AM
werner added a commit: rKf2e2f320c9de: Allow for an empty Subject in certs..Jun 21 2024, 10:33 AM
werner mentioned this in T7173: Release libksba 1.6.7.Jun 21 2024, 2:09 PM
werner added a commit: rG3765b42383bb: sm: Emit user IDs in colon mode even if the Subject is empty..Jul 1 2024, 3:13 PM
werner mentioned this in T7189: Release GnuPG 2.5.0.Jul 5 2024, 2:42 PM
werner mentioned this in T7030: Release GnuPG 2.4.6.Oct 21 2024, 3:29 PM
werner added a subtask: T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN".Tue, May 13, 2:58 PM
werner closed subtask T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN" as Resolved.
werner mentioned this in T6941: gpgsm/dirmngr: support for end-entity certificates with an empty "Subject DN".
werner added a commit: rGe7a9bd320561: gpgsm: Just print a note for an empty subject during import..Tue, May 13, 3:17 PM
werner added a commit: rGe57a2e65d93f: gpgsm: Just print a note for an empty subject during import..Tue, May 13, 3:19 PM
werner closed this task as Resolved.Tue, May 13, 3:21 PM
werner claimed this task.