-
-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error when parsing some real world OCSPResponses in Extensions (OctetString received instead of ParsableOctetString) #85
Comments
This looks very similar to #56. I do believe the ASN.1 data you are reading is technically invalid, but it seems that there is at least one popular OCSP responder out there that is encoding the data incorrectly, so we'll probably have to find a way around that. |
Hi. It would be cool if we had a way to register error handlers for parsing errors. register_error_handler(ObjectType_or_ObjectTypeTuple, function) The function should be called with something like this: function(asn1data, ObjectTypeWhichHadParsingErrors) Some of the outcomes could be:
|
Best to track down which software generates the bad ASN.1 and have it fixed. Adding workaround to decoders only encourages encoders to implement even more bugs, forcing other decoders to add the workaround too ;-) Would such an error handler be reliable? Could there be no decoding error by accident but still a wrong result? It might be possible to add a generic callback that's called every time a value is about to be decoded. This can be used to work around all types of mistakes. Or you can decode your ocsp response as a Sequence, fix the problem and parse again as OCSPResponse. |
@joernheissler I'll try to investigate it a bit more, when I find the time. We receive the response through an intermediate service (of spanish's government). I guess that's a problem of one of approved Trust Service Providers. IMHO, I consider it very interesting to have a custom error handler to avoid the need of patching the library. |
I came across something similar now in the swedish BankID system. If I am not mistaken when trying to parse and go through the OCSP response on calling
it crashes with
|
Actually when looking at the raw data it actually seems to be correct. |
Suggestions on how to treat this?
Using some error treatment hook would be nice.
El 19 sept. 2018 12:43 p. m., "sheepsy90" <notifications@github.com>
escribió:
Actually when looking at the raw data it actually seems to be correct.
This is the byte stream (in ints that I analyzed myself)
It always includes the TAG, LENGTH, PAYLOAD
[6, 9, 43, 6, 1, 5, 5, 7, 48, 1, 2] [1, 1, 255] [4, 32, 102, 247, 231, 203,
225, 136, 203, 52, 189, 140, 20, 211, 111, 117, 38, 130, 58, 85, 148, 254,
152, 24, 35, 238, 115, 16, 215, 227, 144, 123, 209, 213]
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#85 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAEtcGnmMjGcHZvso9ncJT6LEJOhlqNOks5uch_cgaJpZM4THw_W>
.
|
I got errors when parsing OCSP Responses in CADES / CMS attributes and running .native.
It comes down to the definition of 'extn_value' as 'ParsableOctetString' in ResponseDataExtension:
The error I get:
When looking at the data we can see that it's not an DER encoded OctetString (not ParsableOctetString) but a normal octet string:
The interesting part here is the extn_value:
How could I ignore the error or make an option to avoid it? e.g.:
E.g., whenever an OctetString is requested in ParsableOctetString.parse, self.bytes() must start with '\x04'. If it's not the case, the self._header could be prepended.
Any suggestions?
Thanks in advance.
The text was updated successfully, but these errors were encountered: