From 406565af5c5ad951e9dc0e6e831709b10edfb510 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Sun, 16 Jan 2022 18:02:19 +0000
Subject: [PATCH] tls: represent registeredID numerically always
Refs: https://github.com/nodejs/node/commit/466e5415a2b7b3574ab5403acb87e89a94a980d1
---
 src/crypto/crypto_common.cc | 7 +++----
 test/parallel/test-x509-escaping.js | 6 +++---
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/src/crypto/crypto_common.cc b/src/crypto/crypto_common.cc
index 53d9d949457c8f..b7f0dbcf8b676a 100644
--- a/src/crypto/crypto_common.cc
+++ b/src/crypto/crypto_common.cc
@@ -773,11 +773,10 @@ static bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) {
 #endif
 }
 } else if (gen->type == GEN_RID) {
- // TODO(tniessen): unlike OpenSSL's default implementation, never print the
- // OID as text and instead always print its numeric representation, which is
- // backward compatible in practice and more future proof (see OBJ_obj2txt).
+ // Unlike OpenSSL's default implementation, never print the OID as text and
+ // instead always print its numeric representation.
 char oline[256];
- i2t_ASN1_OBJECT(oline, sizeof(oline), gen->d.rid);
+ OBJ_obj2txt(oline, sizeof(oline), gen->d.rid, true);
 BIO_printf(out.get(), "Registered ID:%s", oline);
 } else if (gen->type == GEN_OTHERNAME) {
 // TODO(tniessen): the format that is used here is based on OpenSSL's
diff --git a/test/parallel/test-x509-escaping.js b/test/parallel/test-x509-escaping.js
index ba11dde79b0821..4c05e2bdb7337c 100644
--- a/test/parallel/test-x509-escaping.js
+++ b/test/parallel/test-x509-escaping.js
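Review bot: The return value of `OBJ_obj2txt` on the added line is discarded, so an OID from the certificate whose dotted form does not fit in the 256-byte `oline` is printed truncated, and a truncated numeric OID still reads as a well-formed but different OID. OpenSSL documents that the function returns the required length when the buffer is too small and a negative value on error, so the call could be `const int n = OBJ_obj2txt(oline, sizeof(oline), gen->d.rid, 1);` followed by `if (n <= 0 || static_cast<size_t>(n) >= sizeof(oline)) return false;`. Passing `1` rather than `true` also matches the `int no_name` parameter of the C API. PrintGeneralName starts and ends outside the hunk, so whether `return false` is the right way to report a name that cannot be printed should be confirmed against the other branches.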
@@ -81,9 +81,9 @@ const { hasOpenSSL3 } = common;
 hasOpenSSL3 ?
 'DirName:"/C=DE/L=Berlin\\\\/CN=good.example.com"' :
 'DirName:/C=DE/L=Berlin/CN=good.example.com',
- // TODO(tniessen): even OIDs that are well-known (such as the following,
- // which is sha256WithRSAEncryption) should be represented numerically only.
- 'Registered ID:sha256WithRSAEncryption',
+ // Even OIDs that are well-known (such as the following, which is
+ // sha256WithRSAEncryption) should be represented numerically only.
+ 'Registered ID:1.2.840.113549.1.1.11',
 // This is an OID that will likely never be assigned to anything, thus
 // OpenSSL should not know it.
 'Registered ID:1.3.9999.12.34',