|Applies To||RSA Access Manager 4.8 Agent for Apache|
|Issue||AXM- Segfault with CERTIFICATE authentication and special characters|
Apache segfaults and cores when certificates (verisign in this case) with special characters like ( ',', '+', '<', '>', '#',';'),are presented for CERTIFICATE authentication.
|Cause||In the old RFC RFC2253 we used quotes to support special characters. It appears early attempts at quoting characters in the RSA agents may not have been carried forward. The RFC is also vague in some examples. This has since been superceded by RFC4514 which is more detailed and has dropped the quoting and emphasizes the preferred method of escaping special characters..|
A new hotfix that supports the preferred method is available from customer support. For backwards compatibility we still support the older quoting method. A new parameter as been introduced to support either method.
cleartrust.agent.certificate.special_character_mode=QUOTE or ESCAPE
Contact RSA customer support and request hot fix 18.104.22.168 or later as they are cumulative.
|Legacy Article ID||a59076|