Merge pull request #1027 from guusdk/OF-1494_Invalid_xmppAddr_SAN

OF-1494: Fix the xmppAddr SAN othername entry in generated certs.

Merge pull request #1027 from guusdk/OF-1494_Invalid_xmppAddr_SAN
OF-1494: Fix the xmppAddr SAN othername entry in generated certs.
82a6b5d3 · Dave Cridland · GitHub · bfc1d44b · 58c5314e · 82a6b5d3
Unverified Commit 82a6b5d3 authored Feb 23, 2018 by Dave Cridland Committed by GitHub Feb 23, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 4 deletions

CertificateManager.java src/java/org/jivesoftware/util/CertificateManager.java +9 -4

No files found.
--- a/src/java/org/jivesoftware/util/CertificateManager.java
+++ b/src/java/org/jivesoftware/util/CertificateManager.java
@@ -475,10 +475,15 @@ public class CertificateManager {

        // add subjectAlternativeName extension
        boolean critical = subjectDN.getRDNs().length == 0;
-        ASN1Sequence othernameSequence = new DERSequence(new ASN1Encodable[]{
-                new ASN1ObjectIdentifier("1.3.6.1.5.5.7.8.5"), new DERUTF8String( domain )});
-        GeneralName othernameGN = new GeneralName(GeneralName.otherName, othernameSequence);
-        GeneralNames subjectAltNames = new GeneralNames(new GeneralName[]{othernameGN});
+        ASN1Sequence othernameSequence = new DERSequence(
+            new ASN1Encodable[] {
+                new ASN1ObjectIdentifier("1.3.6.1.5.5.7.8.5"),
+                new DERTaggedObject( true, GeneralName.otherName, new DERUTF8String( domain ) )
+            }
+        );
+        DERTaggedObject othernameGN = new DERTaggedObject(false, GeneralName.otherName, othernameSequence);
+
+        GeneralNames subjectAltNames = GeneralNames.getInstance( new DERSequence( othernameGN ) );
        certBuilder.addExtension(Extension.subjectAlternativeName, critical, subjectAltNames);

        // add keyIdentifiers extensions