- Bug
- Resolution: Won't Fix
- P4
- None
- 8
- None
Some X.509 certificates contain more than one Extended Key Usage extension. For example,
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2116111101 (0x7e214afd)
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=com.apple.kerberos.kdc, O=System Identity
Validity
Not Before: Aug 29 13:16:16 2013 GMT
Not After : Aug 24 13:16:16 2033 GMT
Subject: CN=com.apple.kerberos.kdc, O=System Identity
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication
X509v3 Extended Key Usage:
1.3.6.1.5.2.3.5
Signature Algorithm: sha1WithRSAEncryption
Currently such certificates cannot be parsed and are rejected with a CertificateException.
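RFC 5280 section 4.2 states that a certificate MUST NOT include more than one instance of a particular extension, and the dump above repeats the Extended Key Usage extension (OID 2.5.29.37). The following added example (not part of the original report or of the JDK) walks a DER-encoded Extensions SEQUENCE and reports any repeated extension OID, so such certificates can be identified before they reach a strict parser. The sample bytes are constructed to mirror the extension list above, and the function names are hypothetical.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits count the length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content octets of an OBJECT IDENTIFIER to dotted form."""
    subids, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last octet of a sub-id
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def duplicate_extensions(extensions_der):
    """Return extension OIDs that occur more than once, in first-seen order."""
    tag, body, _ = read_tlv(extensions_der, 0)
    if tag != 0x30:
        raise ValueError("Extensions must be a SEQUENCE")
    seen, dups, pos = set(), [], 0
    while pos < len(body):
        tag, ext, pos = read_tlv(body, pos)   # one Extension SEQUENCE
        oid_tag, oid_body, _ = read_tlv(ext, 0)  # its extnID comes first
        if tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed Extension")
        oid = decode_oid(oid_body)
        if oid in seen and oid not in dups:
            dups.append(oid)
        seen.add(oid)
    return dups

# Constructed sample (not the certificate from the report): keyUsage, then two
# extKeyUsage extensions carrying serverAuth and 1.3.6.1.5.2.3.5 respectively.
KEY_USAGE = bytes.fromhex("300b0603551d0f0404030205a0")
EKU_SERVER_AUTH = bytes.fromhex("30130603551d25040c300a06082b06010505070301")
EKU_KDC = bytes.fromhex("30120603551d25040b300906072b060105020305")

def wrap_extensions(*extensions):
    body = b"".join(extensions)
    return bytes([0x30, len(body)]) + body  # short-form length, body < 128 bytes
```

A compliant encoding of the same intent would carry both purposes inside a single Extended Key Usage extension.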
- relates to
  - JDK-8211712 Security should allow more than one extension in server certificate(s).
  - Closed