000016313 - AXM- Segfault with CERTIFICATE authentication and special characters

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000016313
Applies ToRSA Access Manager 4.8 Agent for Apache 
IssueAXM- Segfault with CERTIFICATE authentication and special characters
Apache segfaults and cores when certificates (verisign in this case) with special characters like ( ',', '+', '<', '>', '#',';'),are presented for CERTIFICATE authentication.
CauseIn the old RFC RFC2253 we used quotes to support special characters. It appears early attempts at quoting characters in the RSA agents may not have been carried forward.  The RFC is also vague in some examples. This has since been superceded by RFC4514 which is more detailed and has dropped the quoting and emphasizes the preferred method of escaping special characters..
Resolution

A new hotfix that supports the preferred method is available from customer support.  For backwards compatibility we still support the older quoting method.  A new parameter as been introduced to support either method.

cleartrust.agent.certificate.special_character_mode=QUOTE or ESCAPE

Contact RSA customer support and request hot fix 4.8.0.54 or later as they are cumulative.

Legacy Article IDa59076

Attachments

    Outcomes