Error::UnsupportedCertVersion instead of BadDER on certificate v1
stepancheg committed Feb 16, 2021
1 parent 082a744 commit 1803ae7
Showing 4 changed files with 15 additions and 2 deletions.
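--- a/src/cert.rs
+++ b/src/cert.rs
@@ -135,7 +135,7 @@ fn version3(input: &mut untrusted::Reader) -> Result<(), Error> {
 der::nested(
 input,
 der::Tag::ContextSpecificConstructed0,
-Error::BadDER,
+Error::UnsupportedCertVersion,
 |input| {
 let version = der::small_nonnegative_integer(input)?;
 if version != 2 {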
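Review bot: The error argument to `der::nested` appears, from the call shape, to be what is returned whenever the `[0]` wrapper cannot be read, so a truncated or mis-tagged field at this position would presumably now surface as `UnsupportedCertVersion` instead of `BadDER`, not only a genuine v1 certificate that omits the version. Callers that log or branch on the variant would then classify malformed input as a version problem. A comment above the argument would make the intent explicit, for example `// version is [0] EXPLICIT DEFAULT v1: a missing tag means a v1 certificate`, and a test with malformed bytes at this offset would pin which error is expected. The body of `version3` continues past the end of this hunk.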
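--- a/src/trust_anchor.rs
+++ b/src/trust_anchor.rs
@@ -57,7 +57,7 @@ impl<'a> TrustAnchor<'a> {
 possibly_invalid_certificate_serial_number,
 ) {
 Ok(cert) => Ok(Self::from(cert)),
-Err(Error::BadDER) => parse_cert_v1(cert_der).or(Err(Error::BadDER)),
+Err(Error::UnsupportedCertVersion) => parse_cert_v1(cert_der).or(Err(Error::BadDER)),
 Err(err) => Err(err),
 }
 }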
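Review bot: The fallback arm now matches every `UnsupportedCertVersion`, and the `if version != 2` check in `version3` may return that same variant for a certificate that carries an explicit non-v3 version; its body is cut off in the src/cert.rs hunk, so this is inferred. Such input would then also be handed to `parse_cert_v1`, and `.or(Err(Error::BadDER))` replaces whatever that parser reports, so the caller cannot tell a rejected non-v1 certificate from corrupt DER. A comment on the arm would record which case is meant to reach the v1 parser, for example `// v1 trust anchors omit the [0] version field; retry with the v1 layout`. The enclosing function starts before this hunk.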
Binary file added tests/cert_v1.der
Binary file not shown.
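--- /dev/null
+++ b/tests/cert_v1_unsupported.rs
@@ -0,0 +1,13 @@
+use std::convert::TryFrom;
+
+// Check with `openssl x509 -text -noout -in cert_v1.der -inform DER`
+// to verify this is a correct 1 certificate.
+const CERT_V1_DER: &[u8] = include_bytes!("cert_v1.der");
+
+#[test]
+fn error() {
+assert_eq!(
+Some(webpki::Error::UnsupportedCertVersion),
+webpki::EndEntityCert::try_from(CERT_V1_DER).err()
+);
+}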
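Review bot: The test covers only the `EndEntityCert` path, so the changed match arm in src/trust_anchor.rs, which decides whether a v1 trust anchor is still accepted, is not exercised by this fixture. A second test that builds a trust anchor from `CERT_V1_DER` and asserts success would guard that fallback. The name `error` says nothing in test output; something like `fn end_entity_cert_v1_is_unsupported()` is clearer, and the comment should read `// to verify this is a valid X.509 v1 certificate.`. Since cert_v1.der is an opaque binary, the comment could also record how the fixture was generated so a reviewer can reproduce it.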
