Permit incorrectly DER sorted SET for decoding X500 names. (#32604)
authorKevin Jones <kevin@vcsjones.com>
Thu, 20 Feb 2020 21:06:41 +0000 (16:06 -0500)
committerGitHub <noreply@github.com>
Thu, 20 Feb 2020 21:06:41 +0000 (16:06 -0500)
* Permit incorrectly DER sorted SET for decoding X500 names.

* Add comment to explain.

src/libraries/System.Security.Cryptography.X509Certificates/src/Internal/Cryptography/Pal.Unix/X500NameEncoder.ManagedDecode.cs
src/libraries/System.Security.Cryptography.X509Certificates/tests/X500DistinguishedNameTests.cs

index 334a2ae..877762e 100644 (file)
@@ -29,7 +29,9 @@ namespace Internal.Cryptography.Pal
 
             while (x500NameSequenceReader.HasData)
             {
-                rdnReaders.Add(x500NameSequenceReader.ReadSetOf());
+                // To match Windows' behavior, permit multi-value RDN SETs to not
+                // be DER sorted.
+                rdnReaders.Add(x500NameSequenceReader.ReadSetOf(skipSortOrderValidation: true));
             }
 
             // We need to allocate a StringBuilder to hold the data as we're building it, and there's the usual
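Review bot: The new comment at the `ReadSetOf(skipSortOrderValidation: true)` call explains the compatibility motive but not the consequence a reader of a certificate parser needs: a multi-value RDN is no longer required to be canonical, so two byte-different encodings (sorted and unsorted) now decode to the same string. I would extend the comment to `// This relaxes only this decode-to-string path; string equality of two decoded names no longer implies byte-identical DER, so issuer/subject matching must keep comparing the raw encoded bytes.` The change appears to affect only this managed decoder, assuming `skipSortOrderValidation` suppresses just the DER ordering check and nothing else in the SET parsing — worth confirming against the reader's implementation. The enclosing method starts before this hunk, so I cannot see whether the same leniency is mirrored in the Windows or encode paths.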
index 8981849..ce47e67 100644 (file)
@@ -201,6 +201,15 @@ namespace System.Security.Cryptography.X509Certificates.Tests
             Assert.Equal("OID.1.1.1.2.2.3=123 654 7890, CN=Test", dn.Decode(X500DistinguishedNameFlags.None));
         }
 
+        [Fact]
+        public static void OrganizationUnitMultiValueWithIncorrectlySortedDerSet()
+        {
+            X500DistinguishedName dn = new X500DistinguishedName(
+                "301C311A300B060355040B13047A7A7A7A300B060355040B130461616161".HexToByteArray());
+
+            Assert.Equal("OU=zzzz + OU=aaaa", dn.Decode(X500DistinguishedNameFlags.None));
+        }
+
         public static readonly object[][] WhitespaceBeforeCases =
         {
             // Regular space.
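Review bot: The fixture in `OrganizationUnitMultiValueWithIncorrectlySortedDerSet` is an opaque hex blob; a one-line decode of its structure would let the next maintainer verify the test actually exercises an unsorted SET. I would add above the literal: `// SEQUENCE { SET { SEQUENCE { OID 2.5.4.11 (OU), PrintableString "zzzz" }, SEQUENCE { OID 2.5.4.11 (OU), PrintableString "aaaa" } } } — the "aaaa" element sorts first under DER, so this SET is deliberately out of order.` It would also pin the intended behavior to assert that the correctly sorted encoding still decodes with encoded order preserved, e.g. `Assert.Equal("OU=aaaa + OU=zzzz", new X500DistinguishedName("301C311A300B060355040B130461616161300B060355040B13047A7A7A7A".HexToByteArray()).Decode(X500DistinguishedNameFlags.None));`, which shows the relaxed reader neither rejects nor reorders canonical input.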