x509, ssl, pkcs7: try to parse as DER-encoding first #442
Commits on May 19, 2021
-
x509, ssl, pkcs7: try to parse as DER-encoding first
Methods that take both PEM-encoding and DER-encoding have not been consistent in the order in which encoding to attempt to parse. A DER-encoding may contain a valid PEM block ("\n-----BEGIN ..-----" to "-----END ...-----") embedded within it. Also, the PEM-encoding parser allows arbitrary data around the PEM block and silently skips it. As a result, attempting to parse data in DER-encoding as PEM-encoding first can incorrectly finds the embedded PEM block instead. This commit ensures that DER encoding will always be attempted before PEM encoding. OpenSSL::X509::Certificate is one of the updated classes. With this, the following will always be true: # obj is an OpenSSL::X509::Certificate obj == OpenSSL::X509::Certificate.new(obj.to_der) obj == OpenSSL::X509::Certificate.new(obj.to_pem)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.