encoding/asn1: correctly rejects @ char in PrintableString in invalid cert #12767
Comments
ASN1 PrintableStrings must not contain Can you please explain more about your problem, preferably showing code or a failing test case. |
The client certificate I was given to use has a e.g. (output from
^^ Not sure how in the world that got in there. |
It's interesting how other libs and langs handle this ugly issue gracefully. I've tried: curl, objective-c, nodejs, php, and openssl s_client and they all seem to be parsing the cert without strictly validating the strings. I can easily change the encoding type in the binary blob from |
I think the go behaviour is correct, and arguments that other languages don't validate don't really feel appropriate where security is involved. /cc @agl |
I totally agree. |
Can you get a valid certificate? In general we don't want to cater to all possible ways a certificate might be broken. If this kind of thing is endemic in the wild then we might make an exception, but if it's just a one-time mistake, it's not appropriate for the Go standard library to sanction it. It sounds like you know a workaround (recompile your version of Go). Unless there is evidence this kind of problem affects many many users, I think we'll stick with spec compatibility. |
isPrintable func does not play well with @ char
Unfortunately, I can't get a valid certificate 😒 But anyways, definitely stick with spec compatibility... I don't expect an exception for a single anomaly. Thanks for the support. |
I am currently working on porting an internal https based service that uses client certificates to establish secure connections and am running into problems where the client certificate fails to be parsed by tls.X509KeyPair(cert, key) because the char @ is used in the client certificate... With current master, X509KeyPair returns error: PrintableString contains invalid character

Quick fix: (asn1.go isPrintable func) But not sure how well this will be accepted. Please advise. Thanks.
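The rejection discussed in this issue can be reproduced in isolation. The following is an added example, not code from the issue or from the Go project: it checks a value against the PrintableString alphabet of ITU-T X.680 and then decodes the same bytes with encoding/asn1 twice, once tagged as PrintableString and once as IA5String, the ASN.1 string type that permits '@'. The helper names and the sample address are assumptions made for the illustration.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"strings"
)

// printableExtra holds the PrintableString characters of ITU-T X.680
// other than ASCII letters and digits. '@' is not among them.
const printableExtra = " '()+,-./:=?"

// nonPrintable returns the characters of s outside the PrintableString alphabet.
func nonPrintable(s string) []rune {
	var bad []rune
	for _, r := range s {
		switch {
		case r >= 'a' && r <= 'z', r >= 'A' && r <= 'Z', r >= '0' && r <= '9':
		case strings.ContainsRune(printableExtra, r):
		default:
			bad = append(bad, r)
		}
	}
	return bad
}

// encodeString builds a DER string value with the given universal tag
// (short-form length only, so len(s) must be below 128).
func encodeString(tag byte, s string) []byte {
	return append([]byte{tag, byte(len(s))}, s...)
}

// decodeString parses a single DER string value with encoding/asn1.
func decodeString(der []byte) (string, error) {
	var out string
	_, err := asn1.Unmarshal(der, &out)
	return out, err
}

func main() {
	const addr = "ops@example.test" // constructed sample value
	fmt.Printf("outside PrintableString alphabet: %q\n", nonPrintable(addr))
	for _, tag := range []byte{asn1.TagPrintableString, asn1.TagIA5String} {
		s, err := decodeString(encodeString(tag, addr))
		fmt.Printf("tag %d: value=%q err=%v\n", tag, s, err)
	}
}
```

Running `nonPrintable` over the string fields of a certificate that fails to parse shows which characters the issuer has to re-encode under a different string type.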