crypto/x509: wrong result checking signature of CSR with unordered multi-value RDN #49519
Labels
NeedsDecision
Feedback is required from experts, contributors, and/or the community before a change can be made.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I checked the signature of a CSR (Certificate Signing Request) via the CertificateRequest.CheckSignature() method.
Here is the CSR:
problem-csr-20211109.txt
Link to a runnable program: https://play.golang.org/p/R7hiD6-HmXm
What did you expect to see?
I expected to get a negative result, as the signature on the attached CSR (also embedded in the example program) was not computed according to RFC2986. In particular, the attached CSR contains an unordered multi-value RDN, that is an unordered SET OF, in its Subject field, and this was apparently ignored when the CSR was generated (RFC2986 requires DER-encoding the certificationRequestInfo component prior to signing it). So the signature, although it's cryptographically correct, was computed over the wrong data, and I'd expect a CSR validator to detect that.
A number of other tool(kit)s report the signature as invalid, which IMO is the correct result, including GnuTLS and BouncyCastle.
What did you see instead?
I got a positive result.
The text was updated successfully, but these errors were encountered: