X509Utils crash when cert has no CN but a SAN #28

Closed
cconstab opened this issue Oct 4, 2020 · 7 comments

@cconstab

cconstab commented Oct 4, 2020

I am checking certificates to see if the SAN/CN matches what I am expecting, and everything worked just fine until I started using certificates from BUYPASS.COM.

I use the same code with a LetsEncrypt and/or a ZeroSSL cert and everything works as expected, I guess because they both include a CN/Subject. Interestingly, everything also works fine with a cert with a CN/Subject and SAN. Example cert for that below, also from StackOverflow.

Being a European CA, they give out certificates without a CN but with a SAN, and that causes a failure.

```
Unhandled exception:
type 'ASN1Boolean' is not a subtype of type 'ASN1OctetString' in type cast
#0 X509Utils._fetchSansFromExtension (package:basic_utils/src/X509Utils.dart:504:25)
#1 X509Utils.x509CertificateFromPem. (package:basic_utils/src/X509Utils.dart:368:18)
#2 List.forEach (dart:core-patch/growable_array.dart:282:8)
#3 X509Utils.x509CertificateFromPem (package:basic_utils/src/X509Utils.dart:364:28)
#4 main (file:///C:/Users/colin/Github/certcheck/bin/certcheck.dart:8:24)
#5 _startIsolate. (dart:isolate-patch/isolate_patch.dart:299:32)
#6 _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:168:12)

Process finished with exit code 255
```

Small bit of sample code
```dart
import 'dart:io';

import 'package:basic_utils/basic_utils.dart';

void main(List<String> arguments) {
  // Read the PEM-encoded certificate from disk and parse it.
  var x509Pem = File('testlab.pem').readAsStringSync();
  var data = X509Utils.x509CertificateFromPem(x509Pem);
  // Names taken from the subjectAltName extension.
  var subjectAlternativeName = data.subjectAlternativNames;
  print("SAN: ${subjectAlternativeName}");
  // 2.5.4.3 is the OID of the commonName attribute in the subject.
  var commonName = data.subject["2.5.4.3"];
  print("CN: ${commonName}");
  print("---------------");
}
```

and a test.lab.shaduf.com cert to test with..


And the StackOverflow cert with CN and SAN

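
Added example, not code from basic_utils or from either participant: the cast error in the trace above is consistent with a parser that reads the second element of an X.509 Extension as the OCTET STRING value (an assumption about the library, inferred only from the trace). RFC 5280 places an optional `critical` BOOLEAN in that position and requires subjectAltName to be marked critical when the subject is empty, so a CN-less certificate exposes the flag. This Python code (chosen so it runs stand-alone; all helper names and the sample bytes are constructed here) parses a SAN extension by tag instead of by position.

```python
# Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
#                          extnValue OCTET STRING }   (RFC 5280, section 4.1)
BOOLEAN, OCTET_STRING, OID, SEQUENCE = 0x01, 0x04, 0x06, 0x30
DNS_NAME = 0x82                      # GeneralName [2] dNSName
SAN_OID = bytes.fromhex("551d11")    # 2.5.29.17 subjectAltName

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):                 # split constructed contents into (tag, value)
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def parse_san_extension(der):
    """Return (critical, [dNSName, ...]) for one subjectAltName Extension."""
    tag, body, _ = read_tlv(der)
    items = children(body) if tag == SEQUENCE else []
    if not items or items[0] != (OID, SAN_OID):
        raise ValueError("not a subjectAltName extension")
    critical, idx = False, 1
    # The BOOLEAN is optional: dispatch on the tag, never on a fixed index.
    if len(items) > idx and items[idx][0] == BOOLEAN:
        critical, idx = items[idx][1] != b"\x00", idx + 1
    if len(items) != idx + 1 or items[idx][0] != OCTET_STRING:
        raise ValueError("extnValue must be a single OCTET STRING")
    tag, names, _ = read_tlv(items[idx][1])
    if tag != SEQUENCE:
        raise ValueError("GeneralNames must be a SEQUENCE")
    return critical, [v.decode("ascii") for t, v in children(names) if t == DNS_NAME]

def tlv(tag, value):                 # encoder for the constructed samples (< 128 bytes)
    return bytes([tag, len(value)]) + value
# Constructed samples: the same SAN with and without the critical flag.
_value = tlv(OCTET_STRING, tlv(SEQUENCE, tlv(DNS_NAME, b"test.lab.shaduf.com")))
SAN_PLAIN = tlv(SEQUENCE, tlv(OID, SAN_OID) + _value)
SAN_CRITICAL = tlv(SEQUENCE, tlv(OID, SAN_OID) + tlv(BOOLEAN, b"\xff") + _value)
```

Both samples yield the same name list; only the returned `critical` flag differs, and an extension with no OCTET STRING is rejected with `ValueError` rather than a type error.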

@Ephenodrom
Owner

@cconstab

I checked the parsing method with a lot of different PEMs from different CAs like DigiCert, Sectigo and GlobalSign. But I never had a Certificate without a common name. I will update the method next week, so it will be able to parse X509 without subject data and will therefore take the common name out of the SAN list.

I will let you know when this is done.

Regards

@Ephenodrom
Owner

@cconstab
Busy week, will take a look at this next week.

Regards

@cconstab
Author

Busy here too! Thanks so much.. Colin

Ephenodrom added a commit that referenced this issue Oct 13, 2020
@Ephenodrom
Owner

@cconstab Release 2.7.0-rc.1 is out now. Please check if this works now.

@cconstab
Author

Thanks I will check and let you know!

@cconstab
Author

Works Perfectly THANK YOU from all of our dev team!

Server viewpoint
Connected from:
SAN: [test.lab.shaduf.com]
CN: null

@Ephenodrom
Owner

@cconstab Nice to hear. Feel free to create an issue for feature requests if you have some nice ideas on how to improve this package.
