[gnutls-devel] error: certificate policies import: ASN1 parser: Error in DER parsing
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Feb 11 17:32:48 CET 2016
On Thu, Feb 11, 2016 at 3:25 PM, Tim Ruehsen <tim.ruehsen at gmx.de> wrote:
> On Debian SID (amd64), I recognize a ASN1 error with
>
> $ gnutls-cli -V outlook.office365.com
> ...
> error: certificate policies import: ASN1 parser: Error in DER parsing.
> ...
That's pretty interesting. I run it on master and got:
|<3>| ASSERT: common.c:1070
|<3>| ASSERT: common.c:1186
|<3>| ASSERT: x509_ext.c:1850
The common.c:1070 code is the embedded null in string protection routine:
/* Refuse to deal with strings containing NULs. */
if (etype != ASN1_ETYPE_OCTET_STRING) {
if (output->data)
len = strlen((void *) output->data);
else
len = 0;
if (len != (size_t) output->size) {
_gnutls_free_datum(output);
ret = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
}
}
So it is an ascii string with an embedded NULL. For sure we need a
better error code to handle this type of errors.
regards,
Nikos
More information about the Gnutls-devel
mailing list