encoding/asn1: PrintableString does not match the standard #10416

signalsensefred · 2015-04-10T21:16:00Z

At the moment, encoding/asn1.isPrintable (http://golang.org/src/encoding/asn1/asn1.go#L324) is missing several characters from those described for PrintableString in section 5.11 of http://luca.ntop.org/Teaching/Appunti/asn1.html, to wit the characters in the string "('+,-."

This is a critical issue because it means that crypto/x509, which does depends on encoding/asn1, cannot load a lot of certificates.

minux · 2015-04-12T00:38:20Z

/cc @agl

agl · 2015-04-12T23:15:45Z

Based on the code that your referenced[1], the lines

 '\'' <= b && b <= ')' ||
 '+' <= b && b <= '/' ||

Handle the characters ' ( ) + , - . / as required I believe. Can you give an example of a certificate that can't be parsed because of this?

[1] https://golang.org/src/encoding/asn1/asn1.go#L324

signalsensefred · 2015-04-13T16:30:51Z

Maybe I have the root cause wrong. Here is a certificate and key, and an example program to demonstrate:

package main

import (
    "crypto/tls"
    "fmt"
    "io/ioutil"
)

func main() {
    certBuf, err := ioutil.ReadFile("bug-cert.pem")
    if err != nil {
        fmt.Printf("%v", err)
        return
    }
    keyBuf, err := ioutil.ReadFile("bug-key.pem")
    if err != nil {
        fmt.Printf("%v", err)
        return
    }

    cert, err := tls.X509KeyPair(certBuf, keyBuf)
    if err != nil {
        fmt.Printf("%v", err)
        return
    }

    fmt.Printf("Block %v", cert)
}

bug-cert.pem contains:

and bug-key.pem contains:

agl · 2015-04-13T17:31:13Z

That certificate contains an underscore in a PrintableString, which is, indeed, invalid, no? https://en.wikipedia.org/wiki/PrintableString

signalsensefred · 2015-04-14T18:40:05Z

Oh for heavens sake. I'm an idiot. Sorry to bother you all with this.

mikioh changed the title ~~ASN.1 PrintableString does not match the standard~~ encoding/asn1: PrintableString does not match the standard Apr 12, 2015

minux added the repo-main label Apr 12, 2015

minux added this to the Go1.5Maybe milestone Apr 12, 2015

agl self-assigned this Apr 12, 2015

agl closed this as completed Apr 12, 2015

golang locked and limited conversation to collaborators Jun 25, 2016

gopherbot added the FrozenDueToAge label Jun 25, 2016

rsc unassigned agl Jun 23, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

encoding/asn1: PrintableString does not match the standard #10416

encoding/asn1: PrintableString does not match the standard #10416

signalsensefred commented Apr 10, 2015

minux commented Apr 12, 2015

agl commented Apr 12, 2015

signalsensefred commented Apr 13, 2015

agl commented Apr 13, 2015

signalsensefred commented Apr 14, 2015

encoding/asn1: PrintableString does not match the standard #10416

encoding/asn1: PrintableString does not match the standard #10416

Comments

signalsensefred commented Apr 10, 2015

minux commented Apr 12, 2015

agl commented Apr 12, 2015

signalsensefred commented Apr 13, 2015

agl commented Apr 13, 2015

signalsensefred commented Apr 14, 2015