Package: tinyca2
Version: 0.7.5-2
Severity: important
Tags: security

Create a certificate request with multiple common names, like this:

openssl req -newkey rsa:2048 -keyout the.key -out the.req -nodes \
        -multivalue-rdn \
        -subj '/C=US/ST=Virginia/L=FOO/O=BAR/OU=BAZ/CN=one+CN=two+CN=three'

When you import the request into tinyca2, there is no indication there
is more than one common name — it just displays one of them. When you
sign the cert, it puts all of them into the cert...

So, it is very easy to wind up signing identities you had no intention
whatsoever of signing.

There is a workaround: if you right-click the request, and click view
request, the full OpenSSL output will show all the common names.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
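
A check that can run before signing, independent of what the GUI displays. This is an added example, not part of the original report and not tinyca2 code. All function names are hypothetical, and the sample is a constructed, shortened stand-in for the request above (/O=BAR/CN=one+CN=two+CN=three). It walks the DER subject of a PKCS#10 request and returns every commonName plus the number of multi-valued RDNs.

```python
import base64

CN_OID = bytes([0x55, 0x04, 0x03])  # DER body of OID 2.5.4.3 (commonName)

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element's body into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def pem_to_der(pem):  # strip the -----BEGIN/END----- armour, decode the body
    body = [l.strip() for l in pem.splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(body))

def audit_subject(csr_der):
    """Return (common_names, multivalued_rdn_count) for a DER PKCS#10 request."""
    info = children(read_tlv(csr_der, 0)[1])[0][1]  # CertificationRequestInfo
    name = children(info)[1][1]             # element 0 is version, 1 is subject
    cns, multi = [], 0
    for _, rdn in children(name):           # each RDN is a SET OF type/value pairs
        avas = children(rdn)
        multi += len(avas) > 1              # more than one pair: multi-valued RDN
        for _, pair in avas:
            (_, oid), (stag, raw) = children(pair)[:2]
            if oid == CN_OID:               # BMPString (0x1E) is UTF-16BE
                cns.append(raw.decode("utf-16-be" if stag == 0x1E else "utf-8", "replace"))
    return cns, multi

def der(tag, *parts):  # tiny short-form encoder, used only to build the sample
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)

def ava(last, text):   # AttributeTypeAndValue for OID 2.5.4.<last>, UTF8String
    return der(0x30, der(0x06, bytes([0x55, 0x04, last])), der(0x0C, text.encode()))

# Constructed sample; key and signature are empty placeholders, not a valid CSR.
CN_SET = der(0x31, ava(3, "one"), ava(3, "two"), ava(3, "three"))
INFO = der(0x30, der(0x02, b"\x00"), der(0x30, der(0x31, ava(10, "BAR")), CN_SET), der(0x30), der(0xA0))
SAMPLE_CSR = der(0x30, INFO, der(0x30), der(0x03, b"\x00"))
```

For a request on disk, pass `pem_to_der(open("the.req").read())` to `audit_subject` and decline to sign when it returns more than one name or a non-zero multi-valued RDN count.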
