Enforce extension uniqueness #155

Open
@cpu

As a breaking API change, rcgen should refuse to generate certificates with duplicate extensions.

RFC 5280 §4.2 says:

A certificate MUST NOT include more than one instance of a particular extension.

This can occur with the current API in two ways:

  1. Specifying duplicate extensions within CertificateParams.custom_extensions
  2. Specifying an extension in CertificateParams.custom_extensions that has the same OID as an extension rcgen emits natively (e.g. id-ce-subjectAltName, id-ce-authorityKeyIdentifier, etc.).
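
The uniqueness check described above, as an added example that is not part of the original issue and is not rcgen's code. `check_unique` and `DuplicateExtension` are hypothetical names, OIDs are modelled as plain arc slices rather than any rcgen type, and the private-arc OID is constructed sample input.

```rust
use std::collections::HashSet;

/// OID arcs for the two natively emitted extensions the issue names.
const ID_CE_SUBJECT_ALT_NAME: &[u64] = &[2, 5, 29, 17];
const ID_CE_AUTHORITY_KEY_IDENTIFIER: &[u64] = &[2, 5, 29, 35];

/// Hypothetical error type; not part of rcgen's API.
#[derive(Debug, PartialEq)]
pub enum DuplicateExtension {
    /// Case 1: the same OID appears twice among the custom extensions.
    WithinCustom(Vec<u64>),
    /// Case 2: a custom extension reuses the OID of a native extension.
    CollidesWithNative(Vec<u64>),
}

/// Reject any extension set that would violate RFC 5280 §4.2.
/// `native` holds the OIDs the generator will emit itself; `custom` holds
/// the OIDs of caller-supplied extensions, in the order they were given.
pub fn check_unique(native: &[&[u64]], custom: &[&[u64]]) -> Result<(), DuplicateExtension> {
    let native_set: HashSet<&[u64]> = native.iter().copied().collect();
    let mut seen: HashSet<&[u64]> = HashSet::new();
    for &oid in custom {
        // A clash with a native extension is reported before a custom repeat.
        if native_set.contains(&oid) {
            return Err(DuplicateExtension::CollidesWithNative(oid.to_vec()));
        }
        // `insert` returns false when the OID was already present.
        if !seen.insert(oid) {
            return Err(DuplicateExtension::WithinCustom(oid.to_vec()));
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample input: an OID under the private enterprise arc.
    let private: &[u64] = &[1, 3, 6, 1, 4, 1, 99999, 1];
    let native = [ID_CE_SUBJECT_ALT_NAME, ID_CE_AUTHORITY_KEY_IDENTIFIER];
    println!("{:?}", check_unique(&native, &[private]));
    println!("{:?}", check_unique(&native, &[private, private]));
    println!("{:?}", check_unique(&native, &[private, ID_CE_SUBJECT_ALT_NAME]));
}
```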
