Certificate#crl_uris throws exception "undefined method `value' for nil (NoMethodError)"
#775
Comments
|
Could you provide a certificate that causes the exception? |
I will ask if I'm allowed to share the certificate. |
|
@rhenium Here you go: Certificate.zip |
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this issue
Jul 9, 2024
The implementation of OpenSSL::X509::Certificate#crl_uris makes the assumption that each DistributionPoint in the CRL distribution points extension contains a single general name of type URI. This is not guaranteed by RFC 5280. A DistributionPoint may only contains something other than a URI, or more than one URI. Let's include all URIs seen in the extension. If only non-URI pointers are found, return an empty array. Fixes: ruby#775
|
Thanks, it is helpful: The extension contains two #776 should fix it. |
rhenium
added a commit
to rhenium/ruby-openssl
that referenced
this issue
Jul 9, 2024
The implementation of OpenSSL::X509::Certificate#crl_uris makes the assumption that each DistributionPoint in the CRL distribution points extension contains a single general name of type URI. This is not guaranteed by RFC 5280. A DistributionPoint may only contains something other than a URI, or more than one URI. Let's include all URIs seen in the extension. If only non-URI pointers are found, return an empty array. Fixes: ruby#775
hsbt
pushed a commit
to hsbt/ruby
that referenced
this issue
Nov 14, 2024
…_uris The implementation of OpenSSL::X509::Certificate#crl_uris makes the assumption that each DistributionPoint in the CRL distribution points extension contains a single general name of type URI. This is not guaranteed by RFC 5280. A DistributionPoint may contain zero or more than one URIs. Let's include all URIs found in the extension. If only non-URI pointers are found, return nil. Fixes: ruby/openssl#775 ruby/openssl@71f4fef2fa
hsbt
pushed a commit
to ruby/ruby
that referenced
this issue
Nov 14, 2024
…_uris The implementation of OpenSSL::X509::Certificate#crl_uris makes the assumption that each DistributionPoint in the CRL distribution points extension contains a single general name of type URI. This is not guaranteed by RFC 5280. A DistributionPoint may contain zero or more than one URIs. Let's include all URIs found in the extension. If only non-URI pointers are found, return nil. Fixes: ruby/openssl#775 ruby/openssl@71f4fef2fa
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have a certificate that errors out when calling
cert.crl_uriswith aNoMethodErrorfor anilvalue.Going through the code the certificate has two values in
cdp_asn1. The first one has the expected tag value of 6 for the URI. The second one, however, has a tag value of 4, leading to anilvalue incrl_uris. Looking at the code there might be other situations where anilvalue might be included incrl_uris.Having the
nilvalue incrl_urisleads to an error when callingcrl_uris&.map(&:value). This can be avoided by using#compact, i.e.crl_uris&.compact&.map(&:value).The text was updated successfully, but these errors were encountered: