Skip Menu |

This queue is for tickets about the Crypt-OpenSSL-CA CPAN distribution.

Report information
The Basics
Id: 111075
Status: new
Priority: 0/
Queue: Crypt-OpenSSL-CA

Owner: Nobody in particular
Requestors: tlhackque [...]

Bug Information
Severity: Normal
Broken in: 0.24
Fixed in: (no value)

Subject: Should have get xxAltName()
Download (untitled) / with headers
text/plain 1.2k
When issuing a certificate, the CA's subject_DN is copied to the new certificate's issuer_DN, and the CA's subjectAltName is also copied to the new certificate's issuerAltName. Similarly for CRLs. Crypt::OpenSSL::CA has no mechanism to extract the CA's subjectAltName. It should. Currently, the CA's certificate has to be run through multiple parsers to get the the need bits. E.g. to get the public key in Crypt::OpenSSL::CA::PublicKey, one has to parse with C::O::CA::parse. To get the extensions, one has to find a working parser & parse it again. This is inefficient, as well as challenging - the parsers aren't well maintained. So a general mechanism to extract an extension by name that returns it as an argument list for set_extension would be ideal. I suggest @extn = get_extension( $extname || $oid ), where @extn contains ($extname, $value, %options, %more_open_ssl_config) as required. (For extensions not built-in to OpenSSL, it may be necessary to have a define_extension that tells how to handle. I consider this secondary.) Many other useful extensions are often copied from the issuing CA's certificate. Being able to extract them in a format suitable for set_extension() would simplify the process greatly. Especially since the set_extension argument list is unique to C::O::CA::X509...

This service is sponsored and maintained by Best Practical Solutions and runs on infrastructure.

Please report any issues with to