Axeman also includes non-website certs (Code signing) and does not escape them.

Question

Axeman also includes non-website certs (Code signing) and does not escape them.

Opened this issue 5 years ago · 2 comments

Hi,

While running a custom wrapper around axeman that inserts records into a custom database format, I've found out that every now and then a special certificate comes along, example being this certificate (id 17395 on ct.googleapis.com/logs/argon2022) being a Code Signing certificate given to "SOOSAN INT CO., Ltd"

This gives multiple issues, not only does axeman not properly escape the "," character in this name but it also ends up in the all_domains field. Although the last might be wanted behaviour, the non escaped "," character isn't.

Answer 1 · 2020-01-24T01:17:05.000Z

Please ignore commit, as this is meant for issue 13

Answer 2 · 2020-01-24T11:01:37.000Z

Escaping fields is one thing, but still splitting domains on a space (' ') character will cause issues with code signing certs, as common name these will usually have the company name which most of the time contain spaces.

My current fix is to use a different character for splitting, but I'm not sure if this wouldn't break importing this into google or databases. Need some feedback on this

(For example, I use '|' instead of ' ', but there might be an even better character thats not allowed in the common name field?):
"\"" + '|'.join(cert_data['leaf_cert']['all_domains']).replace("\"", "\"\"") + "\"",