Hi, I am using “openssl-1.0.1h” to do X509 certificate validation for accessing from app1 to app2 (these are 2 separate applications).
- In app2, I have uploaded the X509 certificate generated by app1 and I am using the following code segment in app2 to verify the certificate (when app1 tries to log in to app2).
- This code works fine for all user names, except usernames containing a ! symbol (exclamation).

    EVP_MD_CTX_init(ctx);
    EVP_VerifyInit(ctx, md);
    EVP_VerifyUpdate(ctx, hashdata, strlen(hashdata));
    err = EVP_VerifyFinal(ctx, x509_sig, sigsize, pkey);

where pkey = public key retrieved from the certificate.
hashdata is a string calculated using the username as follows: "system_name:domain\username: ...."

- EVP_VerifyFinal() returns success with username "test".
- But using "!test" fails at EVP_VerifyFinal(), which returns an error value --> err = 0 (67702888)

Here ! seems to be the problem character since nothing else is different b/w the 2 cases.

I am curious to know the following:
a) Do X509 certificates treat the ! character differently?
b) Is there a way to handle usernames with a ! correctly, so that the certificate check passes?
c) Since hashdata is passed to EVP_VerifyUpdate(), do I need to take care of anything while forming “hashdata” with the username?

Any response would be greatly appreciated.

Thanks and regards,
Rituparna Mitra
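A cross-check with the openssl command-line tool, added here as an example and not part of the original post: a signature is computed over the exact bytes of the input, so a string containing ! verifies as long as signer and verifier hash identical bytes, and any byte difference between the two sides fails. The key, the SHA-256 digest, the SYS1/DOM names and the helper functions are assumptions made for illustration, and the sample string covers only the visible "system_name:domain\username" prefix of hashdata.

```shell
#!/bin/sh
# Added example; every name and value here is constructed for illustration.

# hex_of STRING: print the exact bytes of STRING as hex, for comparing what
# the signer and the verifier each feed into the digest.
hex_of() {
    printf '%s' "$1" | od -An -tx1 | tr -d ' \n'
}

# sign_and_verify SIGNED VERIFIED: sign SIGNED with a throwaway RSA key,
# verify VERIFIED against that signature, print "ok" or "fail".
sign_and_verify() {
    dir=$(mktemp -d) || return 2
    # Throwaway key pair standing in for the key behind app1's certificate.
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null
    openssl rsa -in "$dir/key.pem" -pubout -out "$dir/pub.pem" 2>/dev/null
    # printf '%s' writes the argument byte for byte: no newline, no escapes.
    printf '%s' "$1" > "$dir/signed.bin"
    printf '%s' "$2" > "$dir/verified.bin"
    # SHA-256 is an assumption; the post does not say which digest md is.
    openssl dgst -sha256 -sign "$dir/key.pem" -out "$dir/sig.bin" \
        "$dir/signed.bin" 2>/dev/null
    if openssl dgst -sha256 -verify "$dir/pub.pem" \
        -signature "$dir/sig.bin" "$dir/verified.bin" >/dev/null 2>&1; then
        result=ok
    else
        result=fail
    fi
    rm -rf "$dir"
    echo "$result"
}

# Same bytes on both sides, '!' included: verification succeeds.
echo "same bytes:      $(sign_and_verify 'SYS1:DOM\!test' 'SYS1:DOM\!test')"
# One extra byte on the verifying side (constructed mismatch): it fails.
echo "different bytes: $(sign_and_verify 'SYS1:DOM\!test' 'SYS1:DOM\\!test')"
# Hex of the mismatching input, the kind of dump both sides can log and diff.
echo "verifier input:  $(hex_of 'SYS1:DOM\\!test')"
```

Logging the hex dump and length of hashdata on both the signing and the verifying side is the quickest way to confirm whether the two applications are hashing the same bytes.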