Project

General

Profile

Development #57005

x509: support certificates with human-friendly annotations

Added by Paul Marillonnet about 1 month ago. Updated 18 days ago.

Status:
Nouveau
Priority:
Bas
Assignee:
-
Category:
-
Target version:
-
Start date:
16 Sep 2021
Due date:
% Done:

0%

Estimated time:
Patch proposed:
No
Planning:
No

Description

currently, in our private puppet repository, x509 certificates (as well as private keys) are annotated with human-friendly information.
for human-friendliness of unit-test certificates (including in software relying on lasso, e.g. authentic), such annotation would benefit from being supported by lasso.

fyi the annotation shell script relies on openssl cli, as follows :

for pem in *.pem *.key
do
    if test -r $pem
    then
        echo "  " $pem
        openssl crl2pkcs7 -nocrl -certfile $pem | openssl pkcs7 -print_certs -text -out $pem.$$-new
        openssl rsa -in $pem -text >> $pem.$$-new 2> /dev/null || /bin/true
        mv $pem.$$-new $pem
    fi
done

History

#1

Updated by Paul Marillonnet about 1 month ago

  • Tracker changed from Support to Development
#2

Updated by Benjamin Dauvergne about 1 month ago

  • Priority changed from Normal to Bas
#3

Updated by Paul Marillonnet 18 days ago

The error is triggered when trying to load the certificates using XMLSec.
Certificate-annotations should be stripped off from cert files and buffers, here and there too.

Also available in: Atom PDF