We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
It seems that ToRDNSequence creates a DN with a non standard ordering.
https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go#L130
This produces a cert with the subject line: C=US, O=Example Org, OU=Security, L=City Name, ST=State, CN=server.example.org
C=US, O=Example Org, OU=Security, L=City Name, ST=State, CN=server.example.org
Note how O and OU come before state and locality, and state and locality are in the wrong order.
Typically the subject lines use this ordering: C=US, ST=State, L=City Name, O=Example Org, OU=Security, CN=server.example.org
C=US, ST=State, L=City Name, O=Example Org, OU=Security, CN=server.example.org
Some examples I've pulled from the web:
C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com C=US, ST=California, L=San Jose, O=PayPal, Inc., OU=PayPal Production, CN=paypal.com C=US, ST=CA, L=Menlo Park, O=Facebook, Inc., CN=*.facebook.com C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=www.amazon.com C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Some EV Certs, which are probably outside the scope of this bug but I thought I would include them.
1.3.6.1.4.1.311.60.2.1.3=US, 1.3.6.1.4.1.311.60.2.1.2=Delaware, businessCategory=Private Organization, serialNumber=2158113, C=US, postalCode=94043, ST=California, L=Mountain View, street=350 Ellis Street, O=Symantec Corporation, OU=Infrastructure Operations, CN=www.verisign.com businessCategory=Private Organization, 1.3.6.1.4.1.311.60.2.1.3=US, 1.3.6.1.4.1.311.60.2.1.2=Delaware, serialNumber=5157550, street=548 4th Street, postalCode=94107, C=US, ST=California, L=San Francisco, O=GitHub, Inc., CN=github.com 1.3.6.1.4.1.311.60.2.1.3=US, 1.3.6.1.4.1.311.60.2.1.2=Pennsylvania, businessCategory=Private Organization, serialNumber=754401, C=US, postalCode=15222, ST=Pennsylvania, L=Pittsburgh, street=249 Fifth Ave., O=The PNC Financial Services Group, Inc., OU=Secure Edge Server - A, CN=www.pnc.com
The text was updated successfully, but these errors were encountered:
CC @agl
Sorry, something went wrong.
Yep, good point, thanks. https://go-review.googlesource.com/#/c/13038/1 scheduled for Go 1.6.
0cced63
No branches or pull requests
It seems that ToRDNSequence creates a DN with a non standard ordering.
https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go#L130
This produces a cert with the subject line:
C=US, O=Example Org, OU=Security, L=City Name, ST=State, CN=server.example.org
Note how O and OU come before state and locality, and state and locality are in the wrong order.
Typically the subject lines use this ordering:
C=US, ST=State, L=City Name, O=Example Org, OU=Security, CN=server.example.org
Some examples I've pulled from the web:
Some EV Certs, which are probably outside the scope of this bug but I thought I would include them.
The text was updated successfully, but these errors were encountered: