More incorrect cRLDistributionPoints encodings #33
This was referenced Feb 26, 2017
Adding calls to

```python
#!/usr/bin/env python3
from asn1crypto.x509 import CRLDistributionPoints
from base64 import b64decode

# Base64-encoded DER of the cRLDistributionPoints extension values that fail to round-trip
crldp = [
'''
MIG9MIG6oIG3oIG0hiFodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1Jvb3RDQS5jcmyGgY5sZGFwOi8v
bGRhcC5lLXN6aWduby5odS9DTj1NaWNyb3NlYyUyMGUtU3ppZ25vJTIwUm9vdCUyMENBLE9VPWUt
U3ppZ25vJTIwQ0EsTz1NaWNyb3NlYyUyMEx0ZC4sTD1CdWRhcGVzdCxDPUhVP2NlcnRpZmljYXRl
UmV2b2NhdGlvbkxpc3Q7YmluYXJ5
''', '''
MIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9v
dCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRp
ZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2Qt
dHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmw=
''', '''
MIHSMIGHoIGEoIGBhn9sZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBS
b290JTIwQ2xhc3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E
RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0
L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDkuY3Js
''',
]

for i, dp in enumerate(crldp):
    der = b64decode(dp)
    p = CRLDistributionPoints.load(der)
    # Save the original bytes so they can be compared with the re-encoded ones
    with open('dp-%d-orig.der' % i, 'wb') as fp:
        fp.write(der)
    p.debug()
    # Force a full re-encode and save the result
    with open('dp-%d-dump.der' % i, 'wb') as fp:
        fp.write(p.dump(force=True))
    p.debug()
```

It seems the issue is with the
So the issue seems to be with LDAP URLs. Here is the debug code:

```python
#!/usr/bin/env python3
from asn1crypto.x509 import GeneralName, CRLDistributionPoints
from base64 import b64decode

# Base64-encoded DER of the cRLDistributionPoints extension values that fail to round-trip
crldp = [
'''
MIG9MIG6oIG3oIG0hiFodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1Jvb3RDQS5jcmyGgY5sZGFwOi8v
bGRhcC5lLXN6aWduby5odS9DTj1NaWNyb3NlYyUyMGUtU3ppZ25vJTIwUm9vdCUyMENBLE9VPWUt
U3ppZ25vJTIwQ0EsTz1NaWNyb3NlYyUyMEx0ZC4sTD1CdWRhcGVzdCxDPUhVP2NlcnRpZmljYXRl
UmV2b2NhdGlvbkxpc3Q7YmluYXJ5
''', '''
MIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9yeS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9v
dCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIwMDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRp
ZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+GPWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2Qt
dHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAwOS5jcmw=
''', '''
MIHSMIGHoIGEoIGBhn9sZGFwOi8vZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBS
b290JTIwQ2xhc3MlMjAzJTIwQ0ElMjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1E
RT9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0
L2NybC9kLXRydXN0X3Jvb3RfY2xhc3NfM19jYV8yX2V2XzIwMDkuY3Js
''',
]

for i, dp in enumerate(crldp):
    der = b64decode(dp)
    orig_names = []
    p = CRLDistributionPoints.load(der)
    with open('dp-%d-orig.der' % i, 'wb') as fp:
        fp.write(der)
    # Record each GeneralName's encoding before the forced re-encode
    names = p[0]['distribution_point'].chosen
    for name in names:
        orig_names.append(name.dump())
    with open('dp-%d-dump.der' % i, 'wb') as fp:
        fp.write(p.dump(force=True))
    # Print only the names whose encoding changed, original first
    names = p[0]['distribution_point'].chosen
    for j, name in enumerate(names):
        if orig_names[j] == name.dump():
            continue
        GeneralName.load(orig_names[j]).debug()
        name.debug()
```

And the output
I'm going to assume that the issue is caused by URL-encoding various characters in the LDAP path segments when force-encoding.

Fixed by 8c9011f
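The hypothesis in the comment above can be checked without asn1crypto. This is an added example, not code from the thread or from the library: it walks the first cRLDistributionPoints value from the scripts above with a small DER reader, pulls out the URI names, and applies `renormalise()`, a hypothetical stand-in for a decode-then-re-encode step (not asn1crypto's actual logic), to show which URIs stop being byte-identical.

```python
from base64 import b64decode
from urllib.parse import quote, unquote, urlsplit, urlunsplit

# First cRLDistributionPoints value from the scripts in this thread.
SAMPLE = b64decode('''
MIG9MIG6oIG3oIG0hiFodHRwOi8vd3d3LmUtc3ppZ25vLmh1L1Jvb3RDQS5jcmyGgY5sZGFwOi8v
bGRhcC5lLXN6aWduby5odS9DTj1NaWNyb3NlYyUyMGUtU3ppZ25vJTIwUm9vdCUyMENBLE9VPWUt
U3ppZ25vJTIwQ0EsTz1NaWNyb3NlYyUyMEx0ZC4sTD1CdWRhcGVzdCxDPUhVP2NlcnRpZmljYXRl
UmV2b2NhdGlvbkxpc3Q7YmluYXJ5
''')


def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (single-byte tags only)."""
    pos = 0
    while pos < len(buf):
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], 'big')
            pos += n
        yield tag, buf[pos:pos + length]
        pos += length


def uris(buf):
    """Collect every uniformResourceIdentifier ([6] IMPLICIT IA5String) under buf."""
    found = []
    for tag, value in tlvs(buf):
        if tag == 0x86:
            found.append(value)
        elif tag & 0x20:  # constructed element: descend into its contents
            found.extend(uris(value))
    return found


def renormalise(uri):
    """Hypothetical re-encode step (an assumption for illustration): unquote the
    path, then re-quote it leaving only '/' unescaped."""
    parts = urlsplit(uri.decode('ascii'))
    path = quote(unquote(parts.path), safe='/')
    return urlunsplit(parts._replace(path=path)).encode('ascii')


def changed_by_round_trip(der):
    """Return the URIs in der whose bytes differ after renormalise()."""
    return [u for u in uris(der) if renormalise(u) != u]
```

Only the LDAP URI changes, because the `=` and `,` of its distinguished name sit in the path and get percent-encoded; the HTTP URI survives untouched.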
I'm really sorry, but I found more (possible) issues :-)
I took a list of 157 (trusted) root certs, decoded + reencoded them with asn1crypto.
5 / 157 certs failed.
3 of them had issues with incorrect cRLDistributionPoints encoding (Similar but probably not same as #32)
And just the broken cRLDistributionPoints: