ERR_SSL_SERVER_CERT_BAD_FORMAT when certificate has "_" in CN
Reported by
feina.jo...@gmail.com,
Jan 19 2018
|
|||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 Steps to reproduce the problem: 1. Set up an apache and use a certificate that has "_" in its CN. 2. Try to access the web and you get a ERR_SSL_SERVER_CERT_BAD_FORMAT 3. Create an alternative name without "_" in it (modifying openssl.cnf and generating the certificate again). 4. Google Chrome access is correct What is the expected behavior? What went wrong? Get ERR_SSL_SERVER_CERT_BAD_FORMAT when certificate has "_" in CN. We've had the issue in two different environments. Did this work before? Yes 61 Chrome version: 63.0.3239.132 (Official Build) (64-bit) (cohort: Stable) Channel: stable OS Version: 6.1 (Windows 7, Windows Server 2008 R2) Flash Version: Shockwave Flash 28.0 r0
,
Jan 19 2018
(Alternatively, a log file recorded using these steps: https://dev.chromium.org/for-testers/providing-network-details would work)
,
Jan 29 2018
Thanks for the report. I imagine you have encoded it using a PrintableString, for which underscore is not a valid character. Either stick to characters valid for PrintableString (https://en.wikipedia.org/wiki/PrintableString), or encode with a UTF8String. Chrome doesn't generally permit invalid PrintableStrings (although it does allow them in client certificates, because of how widespread they are). |
|||
►
Sign in to add a comment |
|||
Comment 1 by elawrence@chromium.org
, Jan 19 2018Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug