Majic Projects
Gimmecert
Gimmecert / Closed Bug report GC-26 Wrong issuer DN for end entity certificates when CA hierarchy depth is 2 or more
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Bug report
  • Category
    General
  • Targeted for
    0.2.0
  • Status
    Closed
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Times and dates
  • Estimated time
    2 hours
  • Time spent
    1 hour
Issue details
  • Resolution
    RESOLVED
  • Reproducibility
    Always
  • Severity
    Not determined
Description

When issuing end entity certificates (client/server) after the CA hierarchy has been initialised with a depth of 2 or more, the resulting issuer DN encoded in the end entity certificate is wrong. The value should be the subject DN of the issuing CA, but instead the encoded value is set to the issuing CA's own issuer.

For example, if we have a Level 1 CA, a Level 2 CA, and a server certificate server1, the issuer for server1 will be set to the subject DN of the Level 1 CA.

For all other purposes, however, the certificate has been correctly issued (e.g. the correct private key got used for signing).

Steps to reproduce this issue

Reproduction steps:

  1. Set up a new Python virtual environment and install Gimmecert:

    mkdir /tmp/gimmecertbug
    mkvirtualenv -p /usr/bin/python3 -a /tmp/gimmecertbug gimmecertbug
    pip install gimmecert
  2. Set up a 4-deep CA hierarchy:

    cd /tmp/gimmecertbug/
    gimmecert init -d 4
  3. Issue a server certificate:

    gimmecert server server1
  4. Check the issuer DN of server certificate:

    openssl x509 -issuer -noout -in .gimmecert/server/server1.cert.pem

Expected results:

  1. Output from OpenSSL command is issuer=CN = gimmecertbug Level 4 CA

Actual results:

  1. Output from OpenSSL command is issuer=CN = gimmecertbug Level 3 CA
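
The report separates two properties of the issued certificate: the signing key is correct, but the issuer DN is not. The following added example (not Gimmecert's code) checks the two independently with the Python cryptography package. The "demo Level N CA" names, the keys and the helper functions are constructed for illustration, and CA extensions are left out to keep the focus on the issuer field.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def dn(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def issue(subject_dn, public_key, issuer_dn, signing_key):
    """Sign a certificate. issuer_dn is explicit so both behaviours can be built."""
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(subject_dn).issuer_name(issuer_dn)
            .public_key(public_key).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=1))
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(signing_key, hashes.SHA256()))


def check_link(cert, ca_cert):
    """Return (issuer DN matches CA subject DN, signature verifies with CA key)."""
    names_chain = cert.issuer == ca_cert.subject
    try:
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    ec.ECDSA(cert.signature_hash_algorithm))
        return names_chain, True
    except InvalidSignature:
        return names_chain, False


def build_demo():
    """Constructed 2-level hierarchy; names and keys are made up for this example."""
    k1, k2, ks = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    level1 = issue(dn("demo Level 1 CA"), k1.public_key(), dn("demo Level 1 CA"), k1)
    level2 = issue(dn("demo Level 2 CA"), k2.public_key(), level1.subject, k1)
    # Behaviour described in the report: issuer DN copied from the CA's own issuer.
    wrong = issue(dn("server1"), ks.public_key(), level2.issuer, k2)
    # Expected behaviour: issuer DN is the issuing CA's subject DN.
    right = issue(dn("server1"), ks.public_key(), level2.subject, k2)
    return level1, level2, wrong, right


if __name__ == "__main__":
    level1, level2, wrong, right = build_demo()
    for label, cert, ca in (("wrong vs Level 2", wrong, level2),
                            ("wrong vs Level 1", wrong, level1),
                            ("right vs Level 2", right, level2)):
        print(label, check_link(cert, ca))
```

A path builder that follows the issuer DN of the wrong certificate arrives at the Level 1 CA, whose key does not verify the signature.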