Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9472

Use OpenSSL::X509::Name#to_utf8

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.1
    • Component/s: None
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Previously if puppet agents or servers used a cert issued by a CA containing non-US ASCII characters, then the agent would not correctly render the name of the CA in its output, such as when running "puppet ssl verify"
    • QA Risk Assessment:
      Needs Assessment

      Description

      Calling OpenSSL::X509::Name#to_s with a non USASCII string generates a binary ruby string, which can cause problems when later string operations are performed. We should always use the to_utf8 method instead.

      irb(main):013:0> name = "CN=root-ca-天"
      => "CN=root-ca-天"
      irb(main):014:0>
      irb(main):015:0>  OpenSSL::X509::Name.parse(name).to_s
      => "/CN=root-ca-\\xE5\\xA4\\xA9"
      irb(main):016:0>  OpenSSL::X509::Name.parse(name).to_s.encoding
      => #<Encoding:ASCII-8BIT>
      irb(main):017:0>  OpenSSL::X509::Name.parse(name).to_utf8
      => "CN=root-ca-天"
      

        Attachments

          Activity

            People

            • Assignee:
              josh Josh Cooper
              Reporter:
              josh Josh Cooper
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support