Bug #12162
closed
OpenSSL::PKCS7 seems to create broken objects (nested asn.1 error)
Description
When trying to read a previously created OpenSSL::PKCS7 object, it fails with 'nested asn.1 error'. It seems like the object is broken.
Steps to reproduce:
- Generate an X.509 certificate (either from the CLI or in Ruby) and store it in an OpenSSL::X509::Certificate object.
- Create a new OpenSSL::PKCS7 object, set the 'type' attribute to ':signed'
- Add the OpenSSL::X509::Certificate object to the OpenSSL::PKCS7 object with the #add_certificate() method
- Try to read back the object created in step '3' with: OpenSSL::PKCS7.new(pkcs7_obj.to_s)
Result:
ArgumentError: Could not parse the PKCS7: nested asn1 error
from (pry):8:in `initialize'
Expected result:
OpenSSL::PKCS7.new() should be able to read from a previously created PKCS7 object (cast to a string with the #to_s method)
The session is attached to this ticket. It can also be found online: https://gist.github.com/jnahorny/9ccbb186c9f7c20c9f3e
note 1: I was able to reproduce this problem with ruby 2.2.x and latest head (2.4.0). On Linux too.
note 2: This code used to work when ruby was linked to openssl v 0.9.8.
Updated by shyouhei (Shyouhei Urabe) about 8 years ago
- Status changed from Open to Assigned
- Assignee set to 7150
Updated by rhenium (Kazuki Yamaguchi) almost 8 years ago
- Status changed from Assigned to Third Party's Issue
The direct reason is that PKCS7#to_s returns a broken PEM. It looks like the behavior was changed in OpenSSL 1.0.1i:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=d70c0be4c1e33985a79d691786db72661fdfd057
But since the PKCS7 object is actually incomplete at the time you call PKCS7#to_s, I'm not sure whether this is a bug or not.
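The round trip from the report, next to the same round trip on a complete SignedData built with OpenSSL::PKCS7.sign, as an added example that is not part of the ticket or of Ruby's own code. The key, certificate subject and payload are constructed for the example, the helper names are hypothetical, and the outcome for the incomplete object depends on the OpenSSL version Ruby is linked against.

```ruby
require "openssl"

# Self-signed certificate for the example; subject and validity are constructed.
def self_signed_cert(key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=pkcs7-roundtrip.example")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Build a PKCS7 with the given block, serialize it to PEM and parse it back.
# Returns [:ok, subjects of the embedded certificates] or [:failed, error class].
def roundtrip
  p7 = yield
  pem = p7.to_pem # PKCS7#to_s is an alias of #to_pem
  parsed = OpenSSL::PKCS7.new(pem)
  [:ok, (parsed.certificates || []).map { |c| c.subject.to_s }]
rescue StandardError => e
  [:failed, e.class.name]
end

KEY = OpenSSL::PKey::RSA.new(2048)
CERT = self_signed_cert(KEY)

# Steps from the report: type set and a certificate added, but no content
# and no signer, so the SignedData structure is incomplete when serialized.
INCOMPLETE = roundtrip do
  p7 = OpenSSL::PKCS7.new
  p7.type = :signed
  p7.add_certificate(CERT)
  p7
end

# Complete SignedData: PKCS7.sign fills in content, signer info and the cert.
COMPLETE = roundtrip do
  OpenSSL::PKCS7.sign(CERT, KEY, "constructed sample payload")
end

puts "incomplete object: #{INCOMPLETE.inspect}"
puts "complete object:   #{COMPLETE.inspect}"
```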
Updated by rhenium (Kazuki Yamaguchi) over 7 years ago
- Has duplicate Bug #12794: Invalid ASN1 from OpenSSL::X509::Requests added