pyOpenSSL

Something is wrong with CRL export

Bug #653761 reported by Jean-Paul Calderone
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
pyOpenSSL
Fix Committed
Undecided
Unassigned

Bug Description

>>> print(crl.export(c.X509(), c.PKey()).decode('ascii'))
-----BEGIN X509 CRL-----
MEwwODANBgkqhkiG9w0BAQQFADAAFw0xMDEwMDIyMDE4MThaFw0xMTAxMTAyMDE4
MThaMAcwBQIBAB8AMA0GCSqGSIb3DQEBBAUAAwEA
-----END X509 CRL-----

>>> c.NetscapeSPKI('hello')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OpenSSL.crypto.Error: [('asn1 encoding routines', 'ASN1_item_sign', 'malloc failure'), ('x509 certificate routines', 'NETSCAPE_SPKI_b64_decode', 'base64 decode error')]
>>> c.NetscapeSPKI('hello')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OpenSSL.crypto.Error: [('x509 certificate routines', 'NETSCAPE_SPKI_b64_decode', 'base64 decode error')]
>>>

This is probably some missing error checking in the use of the certificate or key (or both) in the export implementation. The above certificate and key are completely invalid, after all. The export should fail, not produce whatever that output it is producing is, and it should check the error queue so things aren't left behind for the next guy who comes along.

Revision history for this message
Jean-Paul Calderone (exarkun) wrote :

Fixed in r160.

Changed in pyopenssl:
status: New → Fix Committed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.