7.44.0: asn1_output does not handle 4-digit year #427
Comments
Do you happen to know a public site that offers the longer version that I can try against?
No, I do not know of any public site; we found this during internal testing of our app.
I'm about to push a patch like this that I think should correct this problem and in fact clean up this function a little bit:
@bagder why not use
Good question @ghedo! I think I once wrote this function because of some problem with that, but when I look back now I cannot find any explanation, plus we no longer work with those old versions we had back then. Yes, let's scrap this crappy function and go with ASN1_TIME_print(). And thanks a lot, I'll certainly appreciate a patch!
FWIW, I think the whole
I like simplified! =)
Soooo, I got carried away a bit and this is the result... "62 additions and 129 deletions" nice! However the output slightly changed (for example see the public key's BIGNUMs and the signature outputs). The original format could probably be restored, but more code is required. There's still room for improvement though, for example
...or even drop the
FWIW, by removing the infof calls I got to "49 insertions(+), 145 deletions(-)" (I still have to do servercert() and X509V3_ext()).
Final report:
I can open a PR if needed.
Using curl 7.44.0
I saw the following (partial) output from running curl in verbose mode:
Note the dates are the same, but this is not the case in the actual certificate.
Digging further, there is a bug in file lib/vtls/openssl.c function asn1_output(); it does not cater for a 4-digit year in the input field.
E.g., here is some output from the function itself showing the fields in the input "tm" and each character in the "tm->data" field. The first set is correct, and the second has a 4-digit year which causes an error.
The calling code (in get_cert_chain) does not check the return-code (to print the "not before" and "not after" dates in a certificate), hence the same buffer is printed for the "expire date".
Debug output:
// Correct output, for the "start date"
tm->length=13
tm->type=23
0: 0x31 '1'
1: 0x35 '5'
2: 0x30 '0'
3: 0x39 '9'
4: 0x30 '0'
5: 0x38 '8'
6: 0x31 '1'
7: 0x30 '0'
8: 0x34 '4'
9: 0x33 '3'
10: 0x33 '3'
11: 0x39 '9'
12: 0x5a 'Z'
// Incorrect, for the "expire date"
tm->length=15
tm->type=24
0: 0x32 '2'
1: 0x31 '1'
2: 0x31 '1'
3: 0x35 '5'
4: 0x30 '0'
5: 0x38 '8'
6: 0x31 '1'
7: 0x35 '5'
8: 0x31 '1'
9: 0x30 '0'
10: 0x34 '4'
11: 0x33 '3'
12: 0x33 '3'
13: 0x39 '9'
14: 0x5a 'Z'
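Added example, not part of the original report and not curl's code: a self-contained C formatter that accepts both encodings seen in the debug output above, the 13-byte type 23 (UTCTime, two-digit year) and the 15-byte type 24 (GeneralizedTime, four-digit year), and clears the output buffer on failure so a caller that ignores the return code cannot print the previous date. The function name, the output format and the restriction to Z-terminated values with seconds are assumptions of this example; it does no calendar range checks.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* ASN.1 universal tag numbers; they match tm->type in the debug output. */
#define TAG_UTCTIME         23  /* YYMMDDHHMMSSZ,   13 bytes */
#define TAG_GENERALIZEDTIME 24  /* YYYYMMDDHHMMSSZ, 15 bytes */

/* Read two ASCII digits at p as a number 0..99. */
static int two(const unsigned char *p)
{
  return (p[0] - '0') * 10 + (p[1] - '0');
}

/* Hypothetical helper: format an ASN.1 time as "YYYY-MM-DD HH:MM:SS GMT".
   Returns 0 on success, -1 if the input is not a form handled here.
   The buffer is emptied first so a failure never leaves a stale date. */
int format_asn1_time(int type, const unsigned char *d, int len,
                     char *out, size_t outlen)
{
  int i, year, off;

  if(outlen)
    out[0] = '\0';
  if(type == TAG_UTCTIME && len == 13)
    off = 2;                             /* two-digit year */
  else if(type == TAG_GENERALIZEDTIME && len == 15)
    off = 4;                             /* four-digit year */
  else
    return -1;
  if(d[len - 1] != 'Z')
    return -1;
  for(i = 0; i < len - 1; i++)
    if(!isdigit(d[i]))
      return -1;

  if(off == 2) {
    year = two(d);
    year += (year >= 50) ? 1900 : 2000;  /* RFC 5280 two-digit year rule */
  }
  else
    year = two(d) * 100 + two(d + 2);

  i = snprintf(out, outlen, "%04d-%02d-%02d %02d:%02d:%02d GMT", year,
               two(d + off), two(d + off + 2), two(d + off + 4),
               two(d + off + 6), two(d + off + 8));
  return (i > 0 && (size_t)i < outlen) ? 0 : -1;
}
```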