leancrypto: Certificates are now validated by BC

The resolution of one issue is quite interesting: I had to eliminate the O, the ST and C field in the X.509 certs to make them pass. Interestingly, OpenSSL (apart from the crypto aspect) can nicely parse my X.509 cert with all name components. In addition, leancrypto did not encode the pubkey for the Composite-ML-DSA certs as a BIT STRING. The latest bug fix to leancrypto fixed it. Signed-off-by: Stephan Mueller <[email protected]>
IETF-Hackathon · Dec 11, 2024 · 7318d3e · 7318d3e
1 parent 1519230
commit 7318d3e
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 6 deletions.
diff --git a/providers/leancrypto/artifacts_certs_r4.zip b/providers/leancrypto/artifacts_certs_r4.zip
diff --git a/providers/leancrypto/gen.sh b/providers/leancrypto/gen.sh
@@ -67,14 +67,8 @@ gen_cert()
 	  --valid-to 2044210606						\
 	  --subject-cn "leancrypto test CA"				\
 	  --subject-ou "leancrypto test OU"				\
-	  --subject-o leancrypto					\
-	  --subject-st Saxony						\
-	  --subject-c DE						\
 	  --issuer-cn "leancrypto test CA"				\
 	  --issuer-ou "leancrypto test OU"				\
-	  --issuer-o leancrypto						\
-	  --issuer-st Saxony						\
-	  --issuer-c DE							\
 	  --serial 0102030405060708					\
 	  -o ${TARGETDIR}/${CA_FILENAME}				\
 	  --sk-file ${TARGETDIR}/${CA_FILENAME}.privkey			\