Subject Alternative Name box does not accept IPv4 or IPv6 addresses with a...

Brought to you by: chris2511

#112 Subject Alternative Name box does not accept IPv4 or IPv6 addresses with a subnet declaration

Milestone: v1.0_(example)

Status: closed-invalid

Owner: nobody

Labels: None

Priority: 5

Updated: 2018-01-06

Created: 2016-06-07

Creator: Gary Hawkins

Private: No

According to RFC 5280 section 4.2.1.10, iPAddress entries in the Subject Alternative Name can contain an address/netmask pair. At the moment on the xca 1.3.2 interface I can only enter IPv4 or IPv6 addresses without a netmask, as the / character is not accepted as valid input.

Please can xca be fixed so that, for example, inputs like 123.45.67.0/24 or 123.45.67.0/255.255.255.0 or 2001:db8:1234::/48 are accepted into the IP address field in a Subject Alternative Name and the certificate correctly generated as per the specification in the above RFC.

Discussion

Christian Hohnstaedt - 2018-01-06

status: open --> closed-invalid
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Christian Hohnstaedt - 2018-01-06

Chapter 4.2.1.10. of RFC 5280 is about "CA Name Constraints".
The subject alternative name only supports IP addresses.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Subject Alternative Name box does not accept IPv4 or IPv6 addresses with a...

Group

Searches

Help

#112 Subject Alternative Name box does not accept IPv4 or IPv6 addresses with a subnet declaration

Discussion