You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've been doing some work grabbing x509 certs out of SSL traffic and processing them.
Recently, I've seen some certs from 2a03:2880:10:8f01:face:b00c:0:26 (facebook) that the
x509 package can't seem to process. I'm not sure if this is because the cert is bad or
because there's an issue with the x509 package, but I thought I'd drop it here and see
if someone wants to take a look.
NOTE: This is the 3rd cert served by facebook in the SSL handshake. The first 2 alone
are enough to validate the certificate chain against a root CA.
NOTE 2: I'm really unfamiliar with certificates myself, so I went no farther than
"It can't parse <sad face>". It could be a very simple issue.
What steps will reproduce the problem?
If possible, include a link to a program on play.golang.org.
http://play.golang.org/p/uS9Irdg_4r
What is the expected output?
I was hoping the x509 cert would parse.
What do you see instead?
X509 parsing error: ASN.1 structure error: tags don't match (16 vs {class:0 tag:1
length:0 isCompound:false}) {optional:false explicit:false application:false
defaultValue:<nil> tag:<nil> stringType:0 set:false omitEmpty:false}
AlgorithmIdentifier @945
Which compiler are you using (5g, 6g, 8g, gccgo)?
6g
Which operating system are you using?
linux
Which version are you using? (run 'go version')
go version go1.0.1
Please provide any additional information below.
The text was updated successfully, but these errors were encountered:
I've attached the pcap I got the certificate from. I generated the pcap with:
sudo tcpdump -i eth0 host 2a03:2880:10:1f02:face:b00c:0:26 and port 443 -s 0 -w /tmp/fb
and
wget 'https://[2a03:2880:10:1f02:face:b00c:0:26]:443/' --no-check-certificate
The certificate in the play link is actually corrupt: even OpenSSL won't parse it.
At 0x3b3 there's some bytes that don't make any sense. It should be the beginning of the
SignatureAlgorithm, but we get 01 00 95 00 81.
by gconnell@google.com:
The text was updated successfully, but these errors were encountered: