Malformed certificates in version 1.2.5

[msilewicz]

• YubiKey Manager version: 1-2-5
• How was it installed?: From offical AppImage
• Operating system and version: Linux Mint 21.1
• YubiKey model and version: Yubikey 5 NFC
• Bug description summary: Version 1.2.5 PIV does not properly displays x509 certificates

Steps to reproduce
Import certificate to any of the slot in version 1.2.4 from PKCS#12 file and try to see this certificate in version 1.2.5
there should be some details from certificate visible - however only "Malformed certificate" is visible

Expected result
Certificate details should be visible

[What did you expect to happen when you did the above?]

Application should work in the same way as version 1.2.4 in this area.

Actual results

[What actually happened?]

Other info
when trying to export such malformed certificate - following is printed on linux terminal :

msilewicz@zenbook:~/Pobrane$ ./yubikey-manager-qt-1.2.5-linux.AppImage
Uncaught exception
Traceback (most recent call last):
File "/tmp/.mount_yubike1yasMa/usr/lib/python3.11/site-packages/yubikit/piv.py", line 723, in get_certificate
return x509.load_der_x509_certificate(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/tmp/.mount_yubike1yasMa/usr/lib/python3.11/site-packages/cryptography/x509/base.py", line 562, in load_der_x509_certificate
return rust_x509.load_der_x509_certificate(data)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: error parsing asn1 value: ParseError { kind: EncodedDefault, location: ["RawCertificate::tbs_cert", "TbsCertificate::extensions", 0, "Extension::critical"] }

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "qrc:///py/yubikey.py", line 78, in wrapped
return f(*args, **kwargs)
^^^^^^^^^^^^^^^^^^
File "qrc:///py/yubikey.py", line 812, in piv_export_certificate
cert = session.get_certificate(SLOT[slot])
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/tmp/.mount_yubike1yasMa/usr/lib/python3.11/site-packages/yubikit/piv.py", line 727, in get_certificate
raise BadResponseError("Invalid certificate", e)
yubikit.core.BadResponseError: ('Invalid certificate', ValueError('error parsing asn1 value: ParseError { kind: EncodedDefault, location: ["RawCertificate::tbs_cert", "TbsCertificate::extensions", 0, "Extension::critical"] }'))
qml: Unmapped error: null ('Invalid certificate', ValueError('error parsing asn1 value: ParseError { kind: EncodedDefault, location: ["RawCertificate::tbs_cert", "TbsCertificate::extensions", 0, "Extension::critical"] }'))

[msilewicz]

Mentioned earlier certificate is of course perfectly ok -it is not malformed.

[fdennis]

Hi,
Thanks for the report! I am not able to reproduce. Could you perhaps share a bit more information and/or steps? How are you creating the certificate and how are you importing it?

You could also try running the application through the terminal with --log-level DEBUG at the end and see if it prints any stack trace or similar when it is showing the malformed certificate.