This repository has been archived by the owner on Jun 19, 2020. It is now read-only.

show an error when a certificate's extensions field is present but empty #20

Open
mozkeeler opened this issue Feb 10, 2016 · 1 comment

Comments

@mozkeeler

See https://tools.ietf.org/html/rfc5280#section-4.1.2.9:
If present, this field is a SEQUENCE of one or more certificate extensions.

(I realize that if a certificate didn't have any extensions, it wouldn't be valid by the BRs already, but it would be nice if certlint would emit this error since it's more of an encoding issue that isn't immediately obvious when looking at a certificate.)

Here's an example certificate with this issue:


@pzb

pzb commented Feb 10, 2016

I opened an issue on asn1c about this a little while back: vlm/asn1c#77. If you can fix that, then this will turn into an error.
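
The check this issue asks for, sketched as an added example (not certlint or asn1c code): a small definite-length DER walker that reports whether a certificate's `[3]` extensions wrapper is absent, holds an empty SEQUENCE, or holds at least one extension. The helper names and the skeleton certificate built by `sample_cert` are constructed for illustration.

```ruby
# Added example (not certlint code): minimal DER walker, definite lengths only.

# Read one TLV from byte array b at offset i: [tag, content, next_offset].
def read_tlv(b, i)
  raise ArgumentError, 'truncated DER' if i + 2 > b.length
  tag, len = b[i], b[i + 1]
  i += 2
  if len >= 0x80
    n = len & 0x7f
    raise ArgumentError, 'bad length' if n.zero? || n > 4 || i + n > b.length
    len = b[i, n].inject(0) { |acc, x| (acc << 8) | x }
    i += n
  end
  raise ArgumentError, 'truncated DER' if i + len > b.length
  [tag, b[i, len], i + len]
end

# Split the content of a constructed value into [tag, content] pairs.
def children(content)
  out = []
  i = 0
  while i < content.length
    tag, body, i = read_tlv(content, i)
    out << [tag, body]
  end
  out
end

# :absent, :empty or :ok for the extensions field of a DER Certificate.
def extensions_status(der)
  _tag, cert, _next = read_tlv(der.bytes, 0)
  tbs = children(cert).first or raise ArgumentError, 'no tbsCertificate'
  ext = children(tbs[1]).find { |tag, _| tag == 0xA3 } # [3] EXPLICIT wrapper
  return :absent if ext.nil?
  seq = children(ext[1]).first
  raise ArgumentError, 'extensions is not a SEQUENCE' if seq.nil? || seq[0] != 0x30
  seq[1].empty? ? :empty : :ok # RFC 5280 4.1.2.9: one or more extensions
end

# Constructed sample input: a structural skeleton, not a real certificate.
def tlv(tag, content)
  [tag, content.length] + content # short-form length, content < 128 bytes
end

def sample_cert(extensions)
  fields = tlv(0xA0, tlv(0x02, [2])) + tlv(0x02, [1]) + tlv(0x30, []) * 5
  fields += tlv(0xA3, tlv(0x30, extensions)) unless extensions.nil?
  tbs = tlv(0x30, fields)
  tlv(0x30, tbs + tlv(0x30, []) + tlv(0x03, [0])).pack('C*')
end
```

A linter would map `:empty` to an error and leave `:absent` to whatever policy check already covers certificates without extensions.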
