Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change empty subject test certificate to include a critical SAN. #111581

Merged
merged 2 commits into from
Jan 25, 2025
Merged

Change empty subject test certificate to include a critical SAN. #111581

merged 2 commits into from
Jan 25, 2025

Conversation

vcsjones
Copy link
Member

This test was marked SkipOnPlatform for Android because the test would fail. However, it turns out that Android does support empty subjects in certificates. If the subject is empty, then the SubjectAltName extension must be marked critical. This is in accordance with RFC 5280:

If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical.

With a critical SAN extension, this test now passes on all platforms.

Fixes #70196

@vcsjones
Change empty subject test certificate to include a critical SAN.
4a1222a 
This test was marked SkipOnPlatform for Android because the test would fail. However,
it turns out that Android does support empty subjects in certificates. If the subject
is empty, then the SubjectAltName extension must be marked critical. This is in accordance
with RFC 5280:

> If the subject field contains an empty sequence, then the issuing CA MUST include a subjectAltName extension that is marked as critical.

With a critical SAN extension, this test now passes on all platforms.
@vcsjones vcsjones added the test-enhancement Improvements of test source code label Jan 19, 2025
@vcsjones
Copy link
Member Author

/azp run runtime-extra-platforms

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

This was referenced Jan 24, 2025
Open
Open
Open
@vcsjones vcsjones merged commit f91ff5e into dotnet:main Jan 25, 2025
85 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bartonjs bartonjs bartonjs approved these changes

Assignees

@vcsjones vcsjones

Labels
area-System.Security test-enhancement Improvements of test source code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

X509Chain.Build() does not allow empty subject name in Xamarin
2 participants
@vcsjones @bartonjs