Workaround for broken SPKAC generated by Chrome
* Valid SPKAC asn1parse:

    0:d=0  hl=4 l= 585 cons: SEQUENCE
    4:d=1  hl=4 l= 305 cons:  SEQUENCE
    8:d=2  hl=4 l= 290 cons:   SEQUENCE
   12:d=3  hl=2 l=  13 cons:    SEQUENCE
   14:d=4  hl=2 l=   9 prim:     OBJECT            :rsaEncryption
   25:d=4  hl=2 l=   0 prim:     NULL
   27:d=3  hl=4 l= 271 prim:    BIT STRING
  302:d=2  hl=2 l=   9 prim:   IA5STRING         :challenge
  313:d=1  hl=2 l=  13 cons:  SEQUENCE
  315:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
  326:d=2  hl=2 l=   0 prim:   NULL
  328:d=1  hl=4 l= 257 prim:  BIT STRING

* Offending SPKAC generated by Chrome:

    0:d=0  hl=4 l= 572 cons: SEQUENCE
    4:d=1  hl=4 l= 294 cons:  SEQUENCE
    8:d=2  hl=4 l= 288 cons:   SEQUENCE
   12:d=3  hl=2 l=  11 cons:    SEQUENCE
   14:d=4  hl=2 l=   9 prim:     OBJECT            :rsaEncryption
   25:d=3  hl=4 l= 271 prim:    BIT STRING
  300:d=2  hl=2 l=   0 prim:   IA5STRING         :
  302:d=1  hl=2 l=  11 cons:  SEQUENCE
  304:d=2  hl=2 l=   9 prim:   OBJECT            :md5WithRSAEncryption
  315:d=1  hl=4 l= 257 prim:  BIT STRING
Proton committed Dec 31, 2013
1 parent c2d3681 commit 6f67bd0
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions pyspkac/spkac.py
@@ -162,7 +162,7 @@ class SPKAC (PEM_Object) :
1
>>> spkac.cert.check_purpose (m2.X509_PURPOSE_NS_SSL_SERVER, 0)
1
>>> spkac.cert.check_purpose (m2.X509_PURPOSE_ANY, 0)
>>> spkac.cert.check_purpose (m2.X509_PURPOSE_ANY, 0)
1
>>> spkac.cert.check_purpose (m2.X509_PURPOSE_SSL_CLIENT, 0)
1
@@ -216,9 +216,9 @@ def __init__ (self, b64val, challenge = None, *extensions, ** kw) :
raise SPKAC_Decode_Error (e)
if rest :
raise SPKAC_Decode_Error ("ASN.1 decode: data after SPKAC value")
if len (seq) != 3 or len (seq [0]) != 2 or len (seq [1]) != 2 :
if len (seq) != 3 or len (seq [0]) != 2 or len (seq [1]) not in (1, 2) :
raise SPKAC_Decode_Error ("Unknown SPKAC data format")
if seq [1][1] :
if len (seq [1]) == 2 and seq [1][1] :
raise SPKAC_Decode_Error ("Invalid Public Key Info")
self.signed = der_encode (seq [0])
self.spki = seq [0][0]
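Review bot: The relaxed length test `len (seq [1]) not in (1, 2)` carries no comment saying which encoding it tolerates, and neither visible hunk adds a doctest for it; I would put `# Chrome omits the NULL parameters of the signature AlgorithmIdentifier, so accept a one-element SEQUENCE` above the check and add a doctest built from a Chrome-generated SPKAC. The sample in the commit message also drops the NULL inside the public-key AlgorithmIdentifier (`seq [0][0][0]`), which these lines do not inspect; whether later code copes with that shape is not visible here, because `__init__` continues past the hunk. Since `self.signed` is produced by `der_encode (seq [0])` rather than taken from the received bytes, that doctest should also confirm the signature still verifies, i.e. that the decode/encode round trip reproduces the parameter-less form byte for byte.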
