
Change empty subject test certificate to include a critical SAN. #111581

Open
wants to merge 1 commit into
base: main

vcsjones
Member

This test was marked SkipOnPlatform for Android because the test would fail. However, it turns out that Android does support empty subjects in certificates. If the subject is empty, then the SubjectAltName extension must be marked critical. This is in accordance with RFC 5280:

> If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical.

With a critical SAN extension, this test now passes on all platforms.

Fixes #70196
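
The RFC 5280 rule cited in the description above, as an added C# example (not code from this pull request or its repository): it creates two self-signed certificates with an empty subject, one with a critical SAN and one without, and checks each against the rule. The DNS name `empty-subject.example` and the names `EmptySubjectDemo`, `Create` and `SatisfiesEmptySubjectRule` are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class EmptySubjectDemo
{
    const string SanOid = "2.5.29.17"; // id-ce-subjectAltName

    // Constructed test input: a self-signed certificate whose subject is the
    // empty DER SEQUENCE (30 00) and whose SAN criticality the caller chooses.
    static X509Certificate2 Create(bool criticalSan)
    {
        using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        var emptySubject = new X500DistinguishedName(new byte[] { 0x30, 0x00 });
        var req = new CertificateRequest(emptySubject, key, HashAlgorithmName.SHA256);

        var san = new SubjectAlternativeNameBuilder();
        san.AddDnsName("empty-subject.example"); // hypothetical name
        req.CertificateExtensions.Add(san.Build(criticalSan));

        DateTimeOffset now = DateTimeOffset.UtcNow;
        return req.CreateSelfSigned(now.AddMinutes(-5), now.AddDays(1));
    }

    // RFC 5280: an empty subject requires a subjectAltName marked critical.
    static bool SatisfiesEmptySubjectRule(X509Certificate2 cert)
    {
        byte[] raw = cert.SubjectName.RawData;
        bool subjectIsEmpty = raw.Length == 2 && raw[0] == 0x30 && raw[1] == 0x00;
        if (!subjectIsEmpty)
            return true; // the rule only applies to empty subjects

        // The indexer returns null when the extension is absent.
        return cert.Extensions[SanOid] is { Critical: true };
    }

    static void Main()
    {
        using X509Certificate2 withCritical = Create(criticalSan: true);
        using X509Certificate2 withoutCritical = Create(criticalSan: false);
        Console.WriteLine($"critical SAN:     compliant = {SatisfiesEmptySubjectRule(withCritical)}");
        Console.WriteLine($"non-critical SAN: compliant = {SatisfiesEmptySubjectRule(withoutCritical)}");
    }
}
```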

Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@vcsjones
Member Author

/azp run runtime-extra-platforms

Azure Pipelines successfully started running 1 pipeline(s).

Labels
area-System.Security test-enhancement Improvements of test source code
Development

Successfully merging this pull request may close these issues.

X509Chain.Build() does not allow empty subject name in Xamarin