New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/x509: invalid character " " in host name #43954
Comments
It looks like the Subject alternate name contains this hostname: URI:oftp://O0013000001VW KOI how was this certificate generated, it looks like the name of the machine leaked into the CSR |
It's not the name of the machine, but the Identification Code (https://tools.ietf.org/html/rfc5024#section-5.4). |
my mistake, it looked like an auto generated windows hostname |
The certificate was generated, using a proprietary tool, with the Uri as „Subject: alternative applicant“. |
The googling I did says that SANs should be valid hostnames; no space, not %, I guess PUNY code is ok, but probably not useful in this situation. |
|
Could you please provide the resources? W3 declares spaces as unsafe characters (https://www.w3.org/Addressing/URL/4_URI_Recommentations.html) - but possible. Didn’t find the definition that URIs are using the URL-scheme in WebPKI. Any reference to that? Isn’t this a contradiction, as there’re OpenSSL compatibility tests in the code and OpenSSL is ok with these certificates? |
The URI must follow RFC 3986, per RFC 5280. If I'm reading it right, RFC 3986 does not allow the space character in the host name, see URI -> hier-part -> authority -> host -> reg-name |
Thank you for pointing that out. Guess we can close this here |
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
What did you expect to see?
A connection happening, as OpenSSL
and other certificate checker (https://www.sslshopper.com/ssl-checker.html#hostname=oftpv2.volkswagen.de:6619) see a space in the certificate-URI as no issue .
What did you see instead?
tls: failed to parse certificate from server: x509: cannot parse URI "oftp://O0013000001VW KOI": parse "oftp://O0013000001VW KOI": invalid character " " in host name
The text was updated successfully, but these errors were encountered: