From e02ad241ea9802275d5d12feeb5540300247c220 Mon Sep 17 00:00:00 2001
From: Sarah Gillespie <73313222+gillespi314@users.noreply.github.com>
Date: Wed, 26 Feb 2025 15:59:20 -0600
Subject: [PATCH] Allow empty values when parsing distinguished name (#26627)

---
 server/fleet/host_certificates.go      | 4 ----
 server/fleet/host_certificates_test.go | 7 ++++++-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/server/fleet/host_certificates.go b/server/fleet/host_certificates.go
index 0d7a27975d..cfb5448ae8 100644
--- a/server/fleet/host_certificates.go
+++ b/server/fleet/host_certificates.go
@@ -203,10 +203,6 @@ func ExtractDetailsFromOsqueryDistinguishedName(str string) (*HostCertificateNam
 			return nil, errors.New("invalid distinguished name, wrong key value pair format")
 		}
 
-		if len(kv[1]) == 0 {
-			return nil, errors.New("invalid distinguished name, missing value")
-		}
-
 		switch strings.ToUpper(kv[0]) {
 		case "C":
 			details.Country = strings.Trim(kv[1], " ")
diff --git a/server/fleet/host_certificates_test.go b/server/fleet/host_certificates_test.go
index e6c6219e14..e57bdfe4d8 100644
--- a/server/fleet/host_certificates_test.go
+++ b/server/fleet/host_certificates_test.go
@@ -73,7 +73,12 @@ func TestExtractHostCertificateNameDetails(t *testing.T) {
 		{
 			name:  "missing value",
 			input: "/C=US/O=Fleet Device Management Inc./OU=Fleet Device Management Inc./CN=",
-			err:   true,
+			expected: &HostCertificateNameDetails{
+				Country:            "US",
+				Organization:       "Fleet Device Management Inc.",
+				OrganizationalUnit: "Fleet Device Management Inc.",
+				CommonName:         "",
+			},
 		},
 		{
 			name:     "missing first slash",