PRINTABLE_STRING in signing request prevents wildcard domains #468
Labels
Comments
|
ARM Internal Ref: IOTSSL-733 |
|
Hi @kevinpt, This isn't a planned enhancement, but we would certainly welcome a community contribution that provides this as a configurable option. |
simonbutcher
added
the
help-wanted
hanno-becker
added
fix available
bug
component-x509
and removed
help-wanted
|
Fixed through #1641. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When creating a certificate signing request, x509_write_name() uses the PRINTABLE_STRING type for everything but emailAddress. This prevents the use of asterisks to create a wildcard domain as part of the common/domain name since they aren't part of that character set. The request will still be created but Openssl complains about invalid characters and stops processing the request.
It would be more useful to also use IA5_STRING for the MBEDTLS_OID_AT_CN OID.
The text was updated successfully, but these errors were encountered: