crypto/x509: DN OU ordering #29040

Open
rikkuness opened this issue Nov 30, 2018 · 3 comments
Labels: NeedsInvestigation (Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.)

Comments

rikkuness commented Nov 30, 2018

What version of Go are you using (go version)?

$ go version
go version go1.11.1 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

$ go env
linux amd64

What did you do?

When getting the subject of a certificate through cert.Subject.String(), where the DN has multiple OUs, the OUs are in a backwards order and joined with a '+'.

https://play.golang.org/p/hKtL6TEeln5

What did you expect to see?

CN=Example User,OU=Upper,OU=Lower,O=My Org,C=GB

What did you see instead?

CN=Example User,OU=Lower+OU=Upper,O=My Org,C=GB

@gopherbot gopherbot added this to the Unreleased milestone Nov 30, 2018
@agnivade agnivade added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Dec 1, 2018
agnivade (Contributor) commented Dec 1, 2018

/cc @FiloSottile

mengzhuo (Contributor) commented Dec 6, 2018

When getting the subject of a certificate through cert.Subject.String(), where the DN has multiple OUs, the OUs are in a backwards order and joined with a '+'.

It's a multi-valued RDN described in RFC2253 section 2.
https://www.ietf.org/rfc/rfc2253.txt

rikkuness (Author) commented

Interesting, so it's technically a valid RDN as per the RFC. The frustration, I guess, is that I can't just feed that straight into gopkg.in/ldap.v2 to retrieve that object, whereas in, say, nginx, nodejs etc., querying the subject string I'd get a DN that I could look up in LDAP.

Am I misunderstanding the use of a multivalue? It seems to suggest that in this case the OU could be either one or the other where in the directory it's actually a nested OU and as such has a fixed order.
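Worked example, added here as editor's illustration (it is not code from the issue, the playground link, or the Go project). It self-signs a certificate whose subject carries the DN from the report with each OU in its own RDN, as a directory-backed CA would encode it, then shows the two renderings side by side: cert.Subject.String() packs the OUs into one multi-valued RDN joined with '+' (the behaviour reported above), while decoding cert.RawSubject and printing it one RDN at a time in reverse ASN.1 order, with RFC 4514 escaping, gives the form an LDAP search expects. The function names (LDAPStringDN, SubjectDN, escapeValue, sampleRawSubject, issueCert), the attribute short-name table and the sample DN bytes are my assumptions, constructed to match the report; only '+' inside an RDN that is genuinely multi-valued in the certificate is preserved.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Short names for common attribute types; anything else is written as its dotted OID, which RFC 4514 allows.
var attrNames = map[string]string{
	"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.7": "L", "2.5.4.8": "ST", "2.5.4.10": "O", "2.5.4.11": "OU",
}

// escapeValue applies RFC 4514 section 2.4: backslash the special characters, a leading '#' or space,
// and a trailing space, so a value like "Smith, John" cannot be re-parsed as two RDNs.
func escapeValue(v string) string {
	var b strings.Builder
	for i, r := range v {
		if strings.ContainsRune(`"+,;<>\`, r) || (r == ' ' && (i == 0 || i == len(v)-1)) || (r == '#' && i == 0) {
			b.WriteRune('\\')
		}
		b.WriteRune(r)
	}
	return b.String()
}

// LDAPStringDN renders RDNs in reverse ASN.1 order joined with ',' and only a genuinely multi-valued
// RDN joined with '+'. Unlike pkix.Name.String() it never merges separate OU RDNs into one.
func LDAPStringDN(seq pkix.RDNSequence) string {
	rdns := make([]string, 0, len(seq))
	for i := len(seq) - 1; i >= 0; i-- {
		avas := make([]string, 0, len(seq[i]))
		for _, atv := range seq[i] {
			name := atv.Type.String() // dotted OID unless a short name is known
			if short, ok := attrNames[name]; ok {
				name = short
			}
			avas = append(avas, name+"="+escapeValue(fmt.Sprint(atv.Value)))
		}
		rdns = append(rdns, strings.Join(avas, "+"))
	}
	return strings.Join(rdns, ",")
}

// SubjectDN decodes x509.Certificate.RawSubject and renders it; trailing bytes after the SEQUENCE are rejected.
func SubjectDN(rawSubject []byte) (string, error) {
	var seq pkix.RDNSequence
	rest, err := asn1.Unmarshal(rawSubject, &seq)
	if err != nil || len(rest) != 0 {
		return "", fmt.Errorf("subject DER: err=%v, %d trailing bytes", err, len(rest))
	}
	return LDAPStringDN(seq), nil
}

// sampleRawSubject is constructed test data: the report's DN, one OU per RDN, root (C) first and CN last.
func sampleRawSubject() []byte {
	der, err := asn1.Marshal(pkix.RDNSequence{
		{{Type: asn1.ObjectIdentifier{2, 5, 4, 6}, Value: "GB"}},
		{{Type: asn1.ObjectIdentifier{2, 5, 4, 10}, Value: "My Org"}},
		{{Type: asn1.ObjectIdentifier{2, 5, 4, 11}, Value: "Lower"}},
		{{Type: asn1.ObjectIdentifier{2, 5, 4, 11}, Value: "Upper"}},
		{{Type: asn1.ObjectIdentifier{2, 5, 4, 3}, Value: "Example User"}},
	})
	if err != nil {
		panic(err)
	}
	return der
}

// issueCert self-signs a certificate carrying rawSubject verbatim: x509.CreateCertificate uses
// template.RawSubject when it is set instead of re-encoding template.Subject.
func issueCert(rawSubject []byte) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), RawSubject: rawSubject, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := issueCert(sampleRawSubject())
	if err != nil {
		panic(err)
	}
	dn, err := SubjectDN(cert.RawSubject)
	if err != nil {
		panic(err)
	}
	fmt.Printf("pkix.Name.String(): %s\nRFC 4514 per RDN:   %s\n", cert.Subject.String(), dn)
}
```

The first line printed is the '+' form from the report; the second is the one-RDN-per-OU string, which is what to hand to an LDAP search base. Reading cert.RawSubject rather than the pkix.Name fields is the point: once the subject has been flattened into Name.OrganizationalUnit, the information about which OU sat in which RDN is gone, and ToRDNSequence() has no choice but to put them all in one.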

@FiloSottile FiloSottile changed the title x/crypto/x509: DN OU ordering crypto/x509: DN OU ordering Mar 8, 2019