[okular] [Bug 403534] Wrong and misleading definition of a certificate’s subject

Yuri Chornoivan bugzilla_noreply at kde.org
Wed Jan 23 19:29:41 GMT 2019 

https://bugs.kde.org/show_bug.cgi?id=403534

Yuri Chornoivan <yurchor at ukr.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |yurchor at ukr.net

--- Comment #1 from Yuri Chornoivan <yurchor at ukr.net> ---
(In reply to Karl Ove Hufthammer from comment #0)
> In (currently line 142 of) okular/ui/certificateviewer.cpp, ‘Subject’ is
> defined as ‘The person/company that made the signature’, as is used as a
> hint to translators. But the definition is wrong. It’s actually the
> definition of ‘Issuer’, *not* of ‘Subject’.

For me, the definition is right.

>From RFC 5280 for X.509 certificate which is the main part of the signature
[1]:

The subject field identifies the entity associated with the public
   key stored in the subject public key field.  The subject name MAY be
   carried in the subject field and/or the subjectAltName extension.  If
   the subject is a CA (e.g., the basic constraints extension, as
   discussed in Section 4.2.1.9, is present and the value of cA is
   TRUE), then the subject field MUST be populated with a non-empty
   distinguished name matching the contents of the issuer field (Section
   4.1.2.4) in all certificates issued by the subject CA.  If the
   subject is a CRL issuer (e.g., the key usage extension, as discussed
   in Section 4.2.1.3, is present and the value of cRLSign is TRUE),
   then the subject field MUST be populated with a non-empty
   distinguished name matching the contents of the issuer field (Section
   5.1.2.3) in all CRLs issued by the subject CRL issuer.  If subject
   naming information is present only in the subjectAltName extension
   (e.g., a key bound only to an email address or URI), then the subject
   name MUST be an empty sequence and the subjectAltName extension MUST
   be critical.

[1] https://tools.ietf.org/html/rfc5280#section-4.1.2.6

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the Okular-devel mailing list