mirror of https://github.com/briansmith/webpki
Error::UnsupportedCertVersion instead of BadDER on certificate v1
I agree to license my contributions to each file under the terms given at the top of each file I changed.
This commit is contained in:
parent
07306a64a3
commit
1364e7a902
|
@ -135,7 +135,7 @@ fn version3(input: &mut untrusted::Reader) -> Result<(), Error> {
|
|||
der::nested(
|
||||
input,
|
||||
der::Tag::ContextSpecificConstructed0,
|
||||
Error::BadDER,
|
||||
Error::UnsupportedCertVersion,
|
||||
|input| {
|
||||
let version = der::small_nonnegative_integer(input)?;
|
||||
if version != 2 {
|
||||
|
|
|
@ -68,6 +68,9 @@ pub enum Error {
|
|||
UnknownIssuer,
|
||||
|
||||
/// The certificate is not a v3 X.509 certificate.
|
||||
///
|
||||
/// This error may be also reported if the certificate version field
|
||||
/// is malformed.
|
||||
UnsupportedCertVersion,
|
||||
|
||||
/// The certificate contains an unsupported critical extension.
|
||||
|
|
|
@ -57,7 +57,7 @@ impl<'a> TrustAnchor<'a> {
|
|||
possibly_invalid_certificate_serial_number,
|
||||
) {
|
||||
Ok(cert) => Ok(Self::from(cert)),
|
||||
Err(Error::BadDER) => parse_cert_v1(cert_der).or(Err(Error::BadDER)),
|
||||
Err(Error::UnsupportedCertVersion) => parse_cert_v1(cert_der).or(Err(Error::BadDER)),
|
||||
Err(err) => Err(err),
|
||||
}
|
||||
}
|
||||
|
|
Binary file not shown.
|
@ -0,0 +1,27 @@
|
|||
// Copyright 2021 Brian Smith.
|
||||
//
|
||||
// Permission to use, copy, modify, and/or distribute this software for any
|
||||
// purpose with or without fee is hereby granted, provided that the above
|
||||
// copyright notice and this permission notice appear in all copies.
|
||||
//
|
||||
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
|
||||
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
|
||||
// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
use core::convert::TryFrom;
|
||||
|
||||
#[test]
|
||||
fn test_cert_v1_unsupported() {
|
||||
// Check with `openssl x509 -text -noout -in cert_v1.der -inform DER`
|
||||
// to verify this is a correct version 1 certificate.
|
||||
const CERT_V1_DER: &[u8] = include_bytes!("cert_v1.der");
|
||||
|
||||
assert_eq!(
|
||||
Some(webpki::Error::UnsupportedCertVersion),
|
||||
webpki::EndEntityCert::try_from(CERT_V1_DER).err()
|
||||
);
|
||||
}
|
Loading…
Reference in New Issue