davidoc/checkcerts

Bug reports from Jim Basney

Closed this issue · 4 comments

Placeholder for davidoc

From Jim (29/10/2009):

I'm running checkcerts.pl (downloaded today from github.com) against a
hostcert, and I get:

$ ./checkcerts.pl -t gfd125-ee.t -c ~/LIGOCA/garlic.phys.uwm.edu.cert.pem
gfd125-ee.t .. 1/? #
#
#  * * *
# Cert Subject: DC=org, DC=ligo, OU=Services, CN=garlic.phys.uwm.edu

#   Failed test 'For regular network entity certificates, there MUST NOT be any additional characters in the DN commonName.'
#   at gfd125-ee.t line 51.
#                   'garlic.phys.uwm.edu'
#     doesn't match '(?-xism:host/([a-z0-9]+\.)+[a-z0-9]+)'
Use of uninitialized value $value in regexp compilation at gfd125-ee.t line 79.

Maybe it's assuming that host certificates contain CN=host/fqdn and not
CN=fqdn?

Also from Jim:

Me again. I think I'm seeing a few more false positives from
checkcerts.pl. It tells me:

#   Failed test 'nsComment is not required in EE certificates.'
#   at gfd125-host-ee.t line 149.

but my certificate doesn't contain nsComment.

It also says:

#   Failed test 'DC SHOULD be printableString (2.3)'
#   at gfd125-host-ee.t line 39.

but my certificate has DC encoded as IA5String, which is the preferred
encoding according to GFD.125 Section 3.2.4.

I agree with the other errors it found in the certificates I'm checking.
Thanks again for this very helpful tool!

  • Fixed the CN=host/fqdn assumption.
  • Fixed reversed sense of nsComment test.
  • Fixed DN encoding test bugs.