
LittleProxy fails if Subject Alternative Name for valid RFC822 Name

Open krishnasathyanarayana opened this issue 7 years ago • 1 comment

The Subject Alternative Name can contain the following according to the RFC:

RFC822 Name = email ID
DNS Name = DNS name

When you have an email ID in the certificate, the MITM proxy fails to create the tunnel due to an exception raised in the SubjectAlternativeNameHolder.parseGeneralName(List<?> nameEntry) method. From my analysis, we should call this method to check only for a valid DNS name. The validation we do should be limited to RFC-compliant values; we should ignore the email IDs and consider only DNS names.

The easy fix is to remove the exception and, in SubjectAlternativeNameHolder.add(Collection<List<?>> subjectAlternativeNames), check for a valid DNS name before calling the parseGeneralName() method. Looking at the code, it should be sufficient without any other changes. Please review.

Refer to http://www.pkiglobe.org/subject_alt_name.html for additional information.

This problem was encountered on a couple of our servers that have an RFC822 Name in the SAN.

krishnasathyanarayana avatar Jan 19 '19 03:01 krishnasathyanarayana

This is a bug. A valid SAN has a GeneralName which contains more than a DNS name and an IP address. The valid range is 0..8. I'll fix this. And I'm wondering if an exception is the right choice at this point. Simply ignoring an invalid value could be better here.

ganskef avatar Sep 21 '19 20:09 ganskef
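The failure described in the report and the tolerant handling the maintainer suggests can be shown together in a small, added example that is not LittleProxy-mitm's own code and does not reuse its SubjectAlternativeNameHolder class. It works on the shape that java.security.cert.X509Certificate#getSubjectAlternativeNames() returns (a Collection of two-element Lists: an Integer GeneralName tag in position 0 and the value in position 1), uses the GeneralName tag numbers from RFC 5280 section 4.2.1.6 (0..8), and keeps only dNSName and iPAddress entries while silently skipping rfc822Name and any other or out-of-range tag instead of throwing. The class name, method name and the sample SAN list are assumptions made for the illustration; the sample is constructed in code rather than taken from a real certificate.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;

/**
 * Tolerant SAN extraction (illustration only, not LittleProxy-mitm code).
 * Input has the same shape as X509Certificate#getSubjectAlternativeNames():
 * each entry is a List whose element 0 is an Integer GeneralName tag and
 * element 1 is the decoded value (a String for dNSName, rfc822Name,
 * uniformResourceIdentifier and iPAddress).
 */
public final class TolerantSanParser {

    // GeneralName CHOICE tags, RFC 5280 section 4.2.1.6
    static final int OTHER_NAME = 0;
    static final int RFC822_NAME = 1;
    static final int DNS_NAME = 2;
    static final int X400_ADDRESS = 3;
    static final int DIRECTORY_NAME = 4;
    static final int EDI_PARTY_NAME = 5;
    static final int UNIFORM_RESOURCE_IDENTIFIER = 6;
    static final int IP_ADDRESS = 7;
    static final int REGISTERED_ID = 8;

    /**
     * Returns the dNSName and iPAddress values of a SAN extension.
     * Every other tag (rfc822Name, URI, directoryName, ...) is valid per the
     * RFC but not useful for naming a MITM certificate, so it is ignored.
     * Malformed entries are skipped rather than turned into an exception,
     * so one unexpected name no longer aborts tunnel creation.
     */
    public static List<String> hostNames(Collection<List<?>> subjectAlternativeNames) {
        List<String> out = new ArrayList<>();
        if (subjectAlternativeNames == null) {
            return out; // getSubjectAlternativeNames() returns null when the extension is absent
        }
        for (List<?> entry : subjectAlternativeNames) {
            if (entry == null || entry.size() < 2 || !(entry.get(0) instanceof Integer)) {
                continue; // not the documented [tag, value] shape
            }
            int tag = (Integer) entry.get(0);
            Object value = entry.get(1);
            if (tag < OTHER_NAME || tag > REGISTERED_ID) {
                continue; // outside the 0..8 range of the GeneralName CHOICE
            }
            if ((tag == DNS_NAME || tag == IP_ADDRESS) && value instanceof String) {
                out.add((String) value);
            }
        }
        return out;
    }

    // Helper for building a [tag, value] entry in the constructed sample.
    private static List<?> entry(int tag, Object value) {
        return Arrays.asList(tag, value);
    }

    public static void main(String[] args) {
        // Constructed sample (not a real certificate): an rfc822Name next to
        // DNS and IP entries, plus a URI and an out-of-range tag.
        List<List<?>> san = new ArrayList<>();
        san.add(entry(RFC822_NAME, "admin@example.com"));
        san.add(entry(DNS_NAME, "www.example.com"));
        san.add(entry(DNS_NAME, "example.com"));
        san.add(entry(IP_ADDRESS, "192.0.2.10"));
        san.add(entry(UNIFORM_RESOURCE_IDENTIFIER, "https://example.com/"));
        san.add(entry(99, "tag outside 0..8"));

        List<String> names = hostNames(san);
        if (!names.equals(Arrays.asList("www.example.com", "example.com", "192.0.2.10"))) {
            throw new AssertionError("unexpected SAN extraction result: " + names);
        }
        System.out.println("names usable for the MITM certificate: " + names);
    }
}
```

To apply the same idea to a live connection, pass the result of the upstream certificate's getSubjectAlternativeNames() into hostNames() and use the returned list for the generated certificate's SAN; the email address in the original SAN is neither copied nor allowed to abort the handshake.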