X509: don't attempt to parse multi-cert PEMs
1 parent 2ae6834, commit 00c9edc
Showing 2 changed files with 117 additions and 2 deletions.
00c9edc
See #1542
00c9edc
I don't think this fix is correct, neither is the testcase. In fact, this testcase would have passed before the change. This testcase is not the issue in #1542.
The problem lies with a certificate chain where the former cert B64 body does not end with a `=` character. By removing the whitespace and the begin/end headers, you basically make one big B64 string, which will pass the validator, when it shouldn't. At this point, you are relying on the ASN.1 parser to stop parsing after the first certificate structure.
See example1.txt in #1542 for a correct testcase.
00c9edc
The unit test was bad - I used example2.txt instead of example1.txt. The original code fails if I swap out the certs:
terrafrost@7394163
https://travis-ci.org/github/terrafrost/phpseclib/builds/740847618
With the correct certs in the test the new code passes.
I'm just removing whitespace. Sometimes I'll copy / paste a cert and white space will get added to the end. In particular, new lines or carriage returns or both.
The issue with the certs in your example is that they had non-whitespace that was being removed in the middle of the certs.
Anyway, I updated the unit tests with this commit:
d9196e4
Thanks!
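
The failure mode discussed in the comments above, as an added example that is not part of the thread and is not phpseclib code (it is Python, not the project's PHP). The byte strings are constructed stand-ins for DER certificates, and `naive_extract`, `strict_extract` and `der_element_length` are hypothetical names; the sketch shows that two PEM blocks merge into one valid base64 string when the first body has no `=` padding, and a loader that rejects that input.

```python
import base64
import re

# Constructed stand-ins for DER certificates: a SEQUENCE tag (0x30), a
# short-form length byte, then content. Real certificates are framed the same way.
DER_A = bytes([0x30, 0x04]) + b"AAAA"    # 6 bytes: base64 body has no '=' padding
DER_B = bytes([0x30, 0x05]) + b"BBBBB"   # 7 bytes: base64 body ends in '=='
BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem(der):
    """Wrap DER bytes in a PEM certificate block."""
    body = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def naive_extract(text):
    """Strip headers and all whitespace, then decode whatever base64 remains."""
    stripped = re.sub(r"-----(?:BEGIN|END) CERTIFICATE-----|\s+", "", text)
    return base64.b64decode(stripped, validate=True)

def der_element_length(der):
    """Length in bytes (header plus content) of the first DER element."""
    if len(der) < 2:
        raise ValueError("truncated DER")
    if der[1] < 0x80:                      # short form: length is in this byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def strict_extract(text):
    """Accept exactly one PEM block whose body is exactly one DER element."""
    blocks = BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected 1 certificate block, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    if der_element_length(der) != len(der):
        raise ValueError("data does not match the certificate's DER length")
    return der

if __name__ == "__main__":
    merged = naive_extract(pem(DER_A) + pem(DER_B))
    print(merged == DER_A + DER_B, der_element_length(merged), len(merged))
```

With the blocks in the opposite order the first body ends in `==`, so the merged string has padding in the middle and strict base64 decoding rejects it, which is why only chains whose first body lacks padding slip through.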