Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mk-ca-bundle.pl fails when "NOT_TRUSTED" is used as level #5278

Closed
ashwin-metpalli opened this issue Apr 21, 2020 · 1 comment
Closed

mk-ca-bundle.pl fails when "NOT_TRUSTED" is used as level #5278

ashwin-metpalli opened this issue Apr 21, 2020 · 1 comment

Comments

@ashwin-metpalli
Copy link

@ashwin-metpalli ashwin-metpalli commented Apr 21, 2020

I did this

The below command fails with the error "unable to load certificate
Couldn't close openssl pipe: Inappropriate I/O control operation at mk-ca-bundle.pl line 562, line 919."
perl mk-ca-bundle.pl -n -p "ALL:NOT_TRUSTED" -s "SHA256" -t BadCerts.txt

I expected the following

The same command succeeds with the script version 1.25 while it fails with version 1.27. On analyzing further, Line no. 518 has something to do with
the root cause -- ( if(/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/ && $valid) {
"

curl/libcurl version

curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL
Release-Date: [unreleased]
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL

operating system

Windows 10
latestlog.txt

@bagder bagder changed the title Script fails when "NOT_TRUSTED" is used as level mk-ca-bundle.pl fails when "NOT_TRUSTED" is used as level Apr 22, 2020
@bagder
Copy link
Member

@bagder bagder commented Apr 22, 2020

This seems to fix it for me:

--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -529,10 +529,15 @@ while (<TXT>) {
       $skipnum ++;
       report "Skipping: $caname" if ($opt_v);
     } else {
       my $data = $cka_value;
       $cka_value = "";
+
+      if(!length($data)) {
+          # if empty, skip
+          next;
+      }
       my $encoded = MIME::Base64::encode_base64($data, '');
       $encoded =~ s/(.{1,${opt_w}})/$1\n/g;
       my $pem = "-----BEGIN CERTIFICATE-----\n"
               . $encoded
               . "-----END CERTIFICATE-----\n";
bagder added a commit that referenced this issue Apr 22, 2020
Reported-by: Ashwin Metpalli
Fixes #5278
Closes #
@bagder bagder closed this in bffa116 Apr 22, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

2 participants
You can’t perform that action at this time.