x509 certificate subject parsing fail

[payload]

I want to use a client certificate containing a subjectAltName with an URI. But escaped slashes are incorrectly parsed by nodejs 0.4.10 and 0.5.5-pre. I need it for correct foaf+ssl handling.

I create such an certificate with following command

openssl req -x509 -key alice.pem -nodes -subj '/CN=alice/subjectAltName=uniformResourceIdentifier:http://localhost:8000/alice.foaf#me' -new > alice.crt

where is a "subjectAltName=uniformResourceIdentifier:http://localhost:8000/alice.foaf#me" in the subject with escaped slashes. Browsers (FF6, Chromium) parse it correctly as "Subject Alternative Name 'uniformResourceIdentifier:http://localhost:8000/alice.foaf#me'". Creating a https.Server it says

req.connection.getPeerCertificate().subject.subjectAltName == "uniformResourceIfentifier:http:"

i expect

req.connection.getPeerCertificate().subject.subjectAltName == "uniformResourceIfentifier:http://localhost:8000/alice.foaf#me"

[koichik]

Please review.

[payload]

test-tls-peer-certificate.js and the certificate looks fine.

though i didn't test it yet, cause it strangly rejects with authorizationError: 'UNABLE_TO_GET_ISSUER_CERT' on my self signed cert. 0.5 does self signed certs differently as 0.4... i wonder why i didn't noticed it before Oo

[bnoordhuis]

@koichik: LGTM. I like how it uses BIO_get_mem_ptr() instead of BIO_read().

[koichik]

@bnoordhuis - Thanks!

[thomasfr]

I have a similar problem. In my case the Subject Alternative Name gets stored as X509v3 Extension. Please take a look at this: http://groups.google.com/group/nodejs/browse_thread/thread/2d37000f449cc695 Maybe this is somehow related!?
Thanks

[bnoordhuis]

@thomasfr: It's somewhat related. Can you open a new issue?

[koichik]

@thomasfr - It will be fixed soon (#1286).

[thomasfr]

I think this #1286 will fix it. Will this be in 0.5.6 and in the 0.4 branch?
Thanks for giving me this hint!

[bnoordhuis]

Depends. The subjectAltName patch still has some quirks. If they can be resolved in time, it'll land in 0.5.6. Back-porting to 0.4? Perhaps if the patch applies cleanly.