Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore text around the certificate delimiter(s). #352

Merged
merged 1 commit into from
Dec 9, 2016
Merged

Ignore text around the certificate delimiter(s). #352

merged 1 commit into from
Dec 9, 2016

Conversation

srkolb
Copy link
Contributor

@srkolb srkolb commented Dec 7, 2016

Some PEM files have the base64 decoded cert in it. I changed PEMUtils.read_certificate to ignore text before and after the certificate delimiter.

A PEM file that looked like this does validate using openssl verify and used to work with an older version of this gem:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 104495 (0x1982f)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=Example CA, C=US, O=example.com
        Validity
            Not Before: Sep 19 20:11:48 2016 GMT
            Not After : May 11 20:11:48 2041 GMT
        Subject: C=US, ST=NJ, O=FOO, OU=BAR, CN=Somebody
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                    00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                    00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                    00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                    00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                    00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                    00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                    00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Subject Key Identifier:
                00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
            X509v3 Authority Key Identifier:
                keyid:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
                DirName:/CN=Example CA/C=US/O=example.com
                serial:00

            Netscape CA Revocation Url:
                https://www.sial.org/ca-crl.pem
    Signature Algorithm: sha1WithRSAEncryption
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:
         00:00:00:00
-----BEGIN CERTIFICATE-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
-----END CERTIFICATE-----

@srkolb
Some PEM files have the base64 decoded cert in it, change PEMUtils.re…
bef559f 
…ad_certificate to ignore text before and after certificate delimiter
@nahi
Copy link
Owner

nahi commented Dec 9, 2016

Thank you!

@nahi nahi merged commit 54d3d74 into nahi:master Dec 9, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@srkolb @nahi