Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x5c is base64 only not b64-url-encoded #460

Closed
shiup opened this issue Jan 13, 2023 · 2 comments
Closed

x5c is base64 only not b64-url-encoded #460

shiup opened this issue Jan 13, 2023 · 2 comments
Labels

Comments

@shiup
Copy link

shiup commented Jan 13, 2023

from the specification, https://www.rfc-editor.org/rfc/rfc7517#section-4.7

 The "x5c" (X.509 certificate chain) parameter contains a chain of one
   or more PKIX certificates [RFC5280].  The certificate chain is
   represented as a JSON array of certificate value strings.  Each
   string in the array is a base64-encoded (Section 4 of [RFC4648] --
   not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.

However the logic in openidc_pem_from_x5c(x5c), is performing a openidc_base64_url_decode on the payload, then base64 it again.

@bodewig bodewig added the bug label Jan 13, 2023
@bodewig
Copy link
Collaborator

bodewig commented Jan 13, 2023

many thanks!

@shiup
Copy link
Author

shiup commented Jan 13, 2023

@bodewig thank you for such a quick turnaround 🙇‍♀️

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants