  1. Gazelle Security Suite
  2. GSS-350

Issue with the validator for epSOS Signature V1

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 5.2.1
    • Fix Version/s: 5.3.0
    • Component/s: None
    • Labels:
      None
    • Account:
      Maintenance 2016 (MAINTENANCE2016)

      Description

      Comment coming from Juaoa
      1) When using the epSOS NCP signature v1 validator, it shows the following warning message:
      Test: epSOS WP 3.4.2 - Chapter 5.4.2
      Description: ExtendedKeyUsage SHOULD be included as a non-critical extension in the certificate.
      If we look at D3.4.2 - section 5.4.2 (or at the more recent D3.A.7 - section 3.2), the ExtendedKeyUsage description says: "The use of this attribute is specific for each epSOS certificate profile (see following sections)". If we look at the specific section about the NCP Signature certificate (D3.4.2 - 5.4.7 or D3.A.7 - 3.7), we see that:
      "ExtendedKeyUsage" MUST NOT be included as an extension in the certificate.
      Example here: https://gazelle.ihe.net/EVSClient/tlsResult.seam?&oid=1.3.6.1.4.1.12559.11.1.2.1.4.565138 (it fails because the certificate is self-signed, but it doesn't matter for the case).
      So it seems there's a bit of a conflict here.
      2) If the SubjectDN of the certificate doesn't contain an OU, EVSClient shows a warning:
      Test: epSOS WP 3.4.2 - Chapter 5.4.1
      Description: The DName SHOULD have OU.
      But if the SubjectDN contains an OU, then EVSClient shows another warning:
      Test: epSOS WP 3.4.2 - Chapter 5.4.1
      Description: The DName MAY have OU.
      Although this isn't critical, I don't know if it's supposed to be like that or not.

            People

            • Assignee: aboufahj Abderrazek Boufahja (Inactive)
            • Reporter: aboufahj Abderrazek Boufahja (Inactive)

                Time Tracking

                • Original Estimate: 5 hours
                • Remaining Estimate: 0 minutes
                • Time Spent: 5 hours
