[release/6.0] Require UTF8 encoding in GetX509NameInfo #59172
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #59116 to release/6.0
/cc @bartonjs @vcsjones
Customer Impact
Customers trying to inspect metadata, on Linux, on an X.509 certificate where the subject CN or issuer CN contains non-ASCII data. Instead of the .NET string containing the non-ASCII characters correctly, the string contains the non-ASCII characters literally encoded into the string using the
\U0123
format (with a capital U).The most common use of a certificate CN is a domain name, which is why this got overlooked in testing. But email (S/MIME) is usually someone's name, and certificate authorities use descriptive names.
Reported externally, via https://stackoverflow.com/questions/69105533/net-5-x509certificate-getnameinfo-uppercases-unicode-escape-characters
Testing
ASCII data is covered by existing tests.
Non-ASCII data, specifically Cyrillic, has been added in a test with this PR.
Risk
Low, based on the existing and new tests, and scoped change.