x/crypto/pkcs12: unknown attribute with OID 1.3.6.1.4.1.311.17.3.92 #24325
Comments
andybons
added
the
NeedsInvestigation
|
/cc @FiloSottile |
|
I am also getting the above error with go lang version 1.8.7 . Is there any solution |
|
It looks like we would need to decode the blob they send ( FWIW I don't see that specific OID on their page, but are there lots of others we'd need to worry about? https://support.microsoft.com/en-us/help/287547/object-ids-associated-with-microsoft-cryptography |
|
Interestingly, a very similar issue has cropped up in our environment just yesterday (for OID It's really hard to figure out what to do with the bytes in our case if they ever are not empty (though honestly in my case, we don't care, we just want the cert, but in the general case that may not be true depending on what they mean). The best I've been able to come up with as an action plan is to dive into OpenSSL and see how they're handling it, but I'm pretty unfamiliar with both the language and codebase. |
FiloSottile
changed the title
|
Ran into 1.3.6.1.4.1.311.17.2 as well... OpenSSL seems to decode that OID as |
|
Change https://golang.org/cl/166520 mentions this issue: |
|
Hello Any updates on this issue? Thanks |
|
Change https://golang.org/cl/201457 mentions this issue: |
|
Change https://golang.org/cl/241281 mentions this issue: |
instead of ignoring unknown attributes, I added an extra attribute {1, 3, 6, 1, 4, 1, 311, 17, 2}.
golang/go#24325 (comment)
instead of ignoring unknown attributes, I added an extra attribute {1, 3, 6, 1, 4, 1, 311, 17, 2}.
golang/go#24325 (comment)
instead of ignoring unknown attributes, I added an extra attribute {1, 3, 6, 1, 4, 1, 311, 17, 2}.
golang/go#24325 (comment)
Looking at our own use case as well as people running into the same issue [1][2], it seems like users usually don't care about decoding unknown PKCS12Attributes. [1]: golang/go#24325 [2]: SSLMate/go-pkcs12#4 Fixes golang/go#24325 Change-Id: I4f3700d2551af6dac215c49dd179ce46c4b2a9db Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241281 Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Looking at our own use case as well as people running into the same issue [1][2], it seems like users usually don't care about decoding unknown PKCS12Attributes. [1]: golang/go#24325 [2]: SSLMate/go-pkcs12#4 Fixes golang/go#24325 Change-Id: I4f3700d2551af6dac215c49dd179ce46c4b2a9db Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241281 Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Looking at our own use case as well as people running into the same issue [1][2], it seems like users usually don't care about decoding unknown PKCS12Attributes. [1]: golang/go#24325 [2]: SSLMate/go-pkcs12#4 Fixes golang/go#24325 Change-Id: I4f3700d2551af6dac215c49dd179ce46c4b2a9db Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241281 Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Looking at our own use case as well as people running into the same issue [1][2], it seems like users usually don't care about decoding unknown PKCS12Attributes. [1]: golang/go#24325 [2]: SSLMate/go-pkcs12#4 Fixes golang/go#24325 Change-Id: I4f3700d2551af6dac215c49dd179ce46c4b2a9db Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241281 Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Looking at our own use case as well as people running into the same issue [1][2], it seems like users usually don't care about decoding unknown PKCS12Attributes. [1]: golang/go#24325 [2]: SSLMate/go-pkcs12#4 Fixes golang/go#24325 Change-Id: I4f3700d2551af6dac215c49dd179ce46c4b2a9db Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241281 Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Looking at our own use case as well as people running into the same issue [1][2], it seems like users usually don't care about decoding unknown PKCS12Attributes. [1]: golang/go#24325 [2]: SSLMate/go-pkcs12#4 Fixes golang/go#24325 Change-Id: I4f3700d2551af6dac215c49dd179ce46c4b2a9db Reviewed-on: https://go-review.googlesource.com/c/crypto/+/241281 Reviewed-by: Filippo Valsorda <filippo@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
go version)?1.10
Does this issue reproduce with the latest release?
yes
What operating system and processor architecture are you using (
go env)?windows 10 amd64
What did you do?
I was converting a PFX file to pem.Block using the golang.org/x/crypto/pkcs12.ToPEM() function
What did you expect to see?
the certificate and the key PEM bytes
What did you see instead?
error: pkcs12: unknown attribute with OID 1.3.6.1.4.1.311.17.3.92
http://oid-info.com/get/1.3.6.1.4.1.311.17.3.92
Apparently PFX files (on windows) can contain an OID which is not handled by pkcs12 parser.
https://github.com/golang/crypto/blob/master/pkcs12/pkcs12.go#L177
Is there a way to handle this OID or just ignore it if it's not relevant to the output ?
Thank you
The text was updated successfully, but these errors were encountered: