X509Extension __str__() method raises exception for unknown extension types #1238

Open
ich199 opened this issue Aug 10, 2023 · 1 comment · May be fixed by #1239

ich199 commented Aug 10, 2023

Issue

When calling the crypto.X509Extension method __str__(), if the extension type is not supported by OpenSSL, an exception_type error is raised:

python -c 'from OpenSSL.crypto import X509Extension; print(str(X509Extension(b"1.2.3.4.5.6.7", False, b"DER:05:00")))'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/home/iain/pyopenssl-test/lib64/python3.11/site-packages/OpenSSL/crypto.py", line 882, in __str__
    _openssl_assert(print_result != 0)
  File "/home/iain/pyopenssl-test/lib64/python3.11/site-packages/OpenSSL/_util.py", line 71, in openssl_assert
    exception_from_error_queue(error)
  File "/home/iain/pyopenssl-test/lib64/python3.11/site-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: []

Environment:

$ python --version
Python 3.11.4

$ pip list
Package      Version
------------ -------
cffi         1.15.1
cryptography 41.0.3
pip          23.2.1
pycparser    2.21
pyOpenSSL    23.2.0
setuptools   62.6.0

$ openssl version
OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023)

Possible Cause

The current call to X509V3_EXT_print() in crypto.X509Extension sets the flags parameter (3rd parameter in the call) to 0, which causes OpenSSL to return an error for unknown extension types:

print_result = _lib.X509V3_EXT_print(bio, self._extension, 0, 0)

Possible Fix

Update X509V3_EXT_print() to set the flags parameter to one of the other valid values so that it returns success for unknown extension types.

e.g. amending the call to use the value 1 << 16 or 65536 (X509V3_EXT_ERROR_UNKNOWN in OpenSSL) results in the call succeeding and printing <Not Supported> for the unknown extension type:

print_result = _lib.X509V3_EXT_print(bio, self._extension, 1 << 16, 0)

python -c 'from OpenSSL.crypto import X509Extension; print(str(X509Extension(b"1.2.3.4.5.6.7", False, b"DER:05:00")))'
<Not Supported>

ich199 commented Aug 10, 2023

Possibly related to #270
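
A caller-side way to keep a certificate listing alive when str() fails as reported above, as an added example that is not part of the issue or of pyOpenSSL: each extension is rendered, with a hex dump of get_data() as the fallback. StubError, StubExtension, render_extension and render_all are hypothetical names; the stubs stand in for OpenSSL.crypto.Error and X509Extension so the block runs without pyOpenSSL installed.

```python
"""Added example: list extensions without one unknown type aborting the listing."""


class StubError(Exception):
    """Constructed stand-in for OpenSSL.crypto.Error."""


class StubExtension:
    """Constructed stand-in exposing the X509Extension methods used below."""

    def __init__(self, short_name, critical, data, text=None):
        self._short_name, self._critical = short_name, critical
        self._data, self._text = data, text

    def get_short_name(self):
        return self._short_name

    def get_critical(self):
        return self._critical

    def get_data(self):
        return self._data

    def __str__(self):
        if self._text is None:  # mimics the failure reported in this issue
            raise StubError([])
        return self._text


def render_extension(ext, error_type=Exception):
    """Return (name, critical, text); fall back to a hex dump if str() fails."""
    name = ext.get_short_name().decode("ascii", "replace")
    try:
        text = str(ext)
    except error_type:
        # Keep the raw bytes visible so the extension can still be reviewed.
        text = "<unsupported> " + ext.get_data().hex(":")
    return name, bool(ext.get_critical()), text


def render_all(extensions, error_type=Exception):
    """Render every extension; only error_type triggers the fallback."""
    return [render_extension(e, error_type) for e in extensions]


# Constructed sample input: one printable extension, one unknown type.
SAMPLE = [
    StubExtension(b"basicConstraints", True, b"\x30\x03\x01\x01\xff", "CA:TRUE"),
    StubExtension(b"UNDEF", False, b"\x05\x00"),
]
```

With pyOpenSSL itself, pass the real extension objects and error_type=OpenSSL.crypto.Error so that unrelated exceptions still propagate.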
