tracker issue : CF-4172940

select a category, or use search below
(searches all categories and all time range)

CGI Variables - Certificate Information Backwards

| View in Tracker

Status/Resolution/Reason: Closed/Withdrawn/AsDesigned

Reporter/Name(from Bugbase): John Lang / John Lang (John Lang)

Created: 07/15/2016

Components: General Server

Versions: 2016,11.0,10.0

Failure Type: Data Corruption

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Normal / All users will encounter

Locale/System: English / Win 2012 Server x64

Vote Count: 0

Problem Description:
When looking at CGI.CERT_SUBJECT or CGI.CERT_ISSUER variables from ColdFusion, the information is stored in reverse of what it should be. This affects interacting with other applications that rely on certificate strings.

Steps to Reproduce:
Install certificate in your browser & setup web server to accept them. Look at results of CGI variables and compare to Java results when pulled from...

CGI.CERT_ISSUER compared to:

CGI.CERT_SUBJECT compared to:

Actual Result:

From CGI.CERT_SUBJECT variable.. results are like..
C=1, O=2, OU=3, OU=4, OU=5, CN=6

From Java call they are..
CN=6, OU=5, OU=4, OU=3, O=2, C=1

Same happens with CGI.CERT_ISSUER

Expected Result:

Identical to Java calls

Any Workarounds:

I can use the Java calls but they are not intiuative at all. Only found by digging hard onto Stack Overflow and doing a lot of dumps to see what methods were available to me.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4172940

External Customer Info:
External Company:  
External Customer Name: John Lang
External Customer Email:  
External Test Config: My Hardware and Environment details: Windows Server 2012 R2. Both physical machines and VMs. 64 bit



Will not be fixing this, as changing the order now may have an impact on existing user code.
Comment by Immanuel N.
27575 | April 18, 2018 12:18:40 PM GMT