[
https://issues.apache.org/jira/browse/NIFI-12272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779589#comment-17779589
]
David Handermann commented on NIFI-12272:
-----------------------------------------
Thanks for taking a look at this [~mosermw].
Reviewing NIFI-2517, we should be very careful making any changes. The RFC 1779
formatting should apply standard ordering for Java, which will be different
than other external tools like OpenSSL. If you have particular use case
details, it was be great to highlight those on that Jira issue.
> Add Standard Certificate Principal Formatting
> ---------------------------------------------
>
> Key: NIFI-12272
> URL: https://issues.apache.org/jira/browse/NIFI-12272
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, Extensions
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The {{X509Certificate.getSubjectDN()}} is denigrated in favor of
> {{getSubjectX500Principal()}} and recent improvements to the main branch
> replaced legacy usage.
> The getSubjectDN method returns Distinguished Names formatted according to
> RFC 1779, which includes separating Relative Distinguished Name elements
> using spaces. This impacts configuration properties such as Identity Mapping,
> and also impacts flow designs that evaluate Certificate Subject and Issuer
> attributes.
> The default behavior of {{X500Principal.getName()}} formats Distinguished
> Names according to RFC 2253, which does not use space separators. Passing
> {{X500Principal.RFC1779}} to the {{getName()}} method follows the same
> formatting approach as {{{}getSubjectDN().getName(){}}}.
> Existing behavior should be maintained to avoid unexpected changes when
> upgrading NiFi versions, and a new utility should be introduced to provide
> standardized formatting.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
