Handle asn1 decode errors #8256

Merged

@dgud dgud commented Mar 12, 2024

Asn.1 errors were not handled in all places, catch the decoding of the DerCerts.

Also, while at it, change usage to handle 'combined_cert()' to only decode the certs once, which improves performance.

Fixes #8058

@dgud dgud self-assigned this Mar 12, 2024
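
The approach the description names (decode each DER certificate once, keep the DER and decoded forms together, and catch ASN.1 failures at that one point), shown as an added example that is not code from this PR or from OTP's ssl application. The module and function names and the `bad_certificate` error tuple are hypothetical, and it assumes the `#cert{}` record from `public_key.hrl` (OTP 25 or later).

```erlang
-module(decode_once_example).            % hypothetical module name
-export([decode_chain/1, subjects/1, demo/0]).

-include_lib("public_key/include/public_key.hrl").

%% Decode each peer-supplied DER certificate exactly once and keep the DER
%% and decoded forms together in a #cert{} (public_key's combined_cert()).
%% Untrusted input: a malformed certificate must yield an error value here,
%% not an uncaught exception further down the handshake.
-spec decode_chain([binary()]) ->
          {ok, [#cert{}]} | {error, {bad_certificate, pos_integer(), term()}}.
decode_chain(DerCerts) when is_list(DerCerts) ->
    decode_chain(DerCerts, 1, []).

decode_chain([], _Pos, Acc) ->
    {ok, lists:reverse(Acc)};
decode_chain([Der | Rest], Pos, Acc) when is_binary(Der) ->
    try public_key:pkix_decode_cert(Der, otp) of
        Otp ->
            decode_chain(Rest, Pos + 1, [#cert{der = Der, otp = Otp} | Acc])
    catch
        %% Same error shape as the catch clause in the PR's hunk.
        error:{_, {error, {asn1, Asn1Reason}}} ->
            {error, {bad_certificate, Pos, {asn1, Asn1Reason}}};
        %% Assumption: any other decode failure is reported the same way.
        error:Other ->
            {error, {bad_certificate, Pos, {unexpected, Other}}}
    end;
decode_chain([_NotBinary | _], Pos, _Acc) ->
    {error, {bad_certificate, Pos, not_der_binary}}.

%% Later steps read the already-decoded form; nothing is decoded twice.
-spec subjects([#cert{}]) -> [term()].
subjects(Certs) ->
    [Subject || #cert{otp = #'OTPCertificate'{
                        tbsCertificate = #'OTPTBSCertificate'{subject = Subject}}}
                    <- Certs].

%% Constructed input: bytes that are not a DER certificate.
demo() ->
    decode_chain([<<"constructed: not a DER certificate">>]).
```

The position in the error tuple is the certificate's 1-based index in the chain, so a log line can say which certificate was rejected without dumping the peer's bytes.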
github-actions bot commented Mar 12, 2024

CT Test Results

    2 files     67 suites   50m 21s ⏱️
  788 tests   744 ✅  44 💤 0 ❌
3 748 runs  2 954 ✅ 794 💤 0 ❌

Results for commit 2c80725.

♻️ This comment has been updated with latest results.

To speed up review, make sure that you have read Contributing to Erlang/OTP and that all checks pass.

See the TESTING and DEVELOPMENT HowTo guides for details about how to run test locally.

// Erlang/OTP Github Action Bot

@IngelaAndin IngelaAndin added the team:PS Assigned to OTP team PS label Mar 12, 2024
@dgud dgud force-pushed the dgud/ssl/catch_asn1_decoding_error/GH-8058/OTP-18969 branch 3 times, most recently from 93e5606 to 2c80725 Compare March 13, 2024 11:47
@dgud dgud added the testing currently being tested, tag is used by OTP internal CI label Mar 13, 2024
@dgud dgud requested review from IngelaAndin and u3s March 13, 2024 13:36
@@ -353,8 +353,9 @@ certify(#certificate{asn1_certificates = ASN1Certs}, CertDbHandle, CertDbRef,
path_validation_alert(Reason)
end
catch
error:{_,{error, {asn1, Asn1Reason}}} ->
error:{_,{error, {asn1, Asn1Reason}}}=OtherReason:ST ->
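Review bot: In the new clause `error:{_,{error, {asn1, Asn1Reason}}}=OtherReason:ST ->`, the whole exception term is bound to `OtherReason` even though the pattern matches only the ASN.1 decode shape, so the name reads like a catch-all; something like `Asn1Error` would be clearer, or drop the binding if only `Asn1Reason` is needed. The clause body is not visible in this hunk, so please confirm that both `OtherReason` and `ST` are actually used, and that the stacktrace goes only to the local log and not into the alert returned for the peer's `asn1_certificates`, since this path is reached with input the peer controls. A short comment stating which call inside `certify` can still raise this shape would also help the next reader.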
So when we get here we no longer decode any certificates here and this error clause should now be dead code!

lib/ssl/src/ssl_handshake.erl (outdated, resolved)
Asn.1 errors were not handled in all places, catch the decoding of the
DerCerts.

Also, while at it, change usage to handle 'combined_cert()' to only
decode the certs once, which improves performance.
@dgud dgud force-pushed the dgud/ssl/catch_asn1_decoding_error/GH-8058/OTP-18969 branch from 2c80725 to ba2403c Compare March 15, 2024 08:11
@dgud dgud merged commit 0c948ce into erlang:master Mar 15, 2024
3 checks passed
Successfully merging this pull request may close these issues.

TLS/ASN1 crash connecting to some sites