From b0b49e109882d33d15579a3f0e70f7d1df886e38 Mon Sep 17 00:00:00 2001 From: Pritesh Nandgaonkar Date: Wed, 2 Jun 2021 03:51:00 -0700 Subject: [PATCH] Handle CN greater than 64 character length Summary: This diff handles the case when the CN(subject Common) is greater than 64. CN in our case is an appId, which can be greater than 64 length. Have a look at this [issue](https://fb.workplace.com/groups/flippersupport/permalink/1142641402883183/). In this issue the appID was `com.facebook.internal.focusrepresentativeapp.development.localDevelopment` See this [discussion on stack](https://unix.stackexchange.com/questions/234324/openssl-self-signed-certificate-with-a-common-name-longer-than-64-bytes) overflow to understand about the limit of 64. This diff checks the length first and then defaults the CN to be "com.flipper". Reviewed By: jknoxville Differential Revision: D28807389 fbshipit-source-id: ca01ccd5d31a51826df49f943414c42bf902be89 --- xplat/Flipper/CertificateUtils.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xplat/Flipper/CertificateUtils.cpp b/xplat/Flipper/CertificateUtils.cpp index 5b6325394..60db2aba7 100644 --- a/xplat/Flipper/CertificateUtils.cpp +++ b/xplat/Flipper/CertificateUtils.cpp @@ -43,7 +43,7 @@ bool generateCertSigningRequest( const char* subjectProvince = "CA"; const char* subjectCity = "Menlo Park"; const char* subjectOrganization = "Flipper"; - const char* subjectCommon = appId; + const char* subjectCommon = strlen(appId) >= 64 ? "com.flipper" : appId; X509_REQ* x509_req = X509_REQ_new(); EVP_PKEY* pKey = EVP_PKEY_new();