Malformed certificates in version 1.2.5 #341

Open
msilewicz opened this issue Mar 1, 2023 · 2 comments

msilewicz commented Mar 1, 2023

  • YubiKey Manager version: 1-2-5
  • How was it installed?: From official AppImage
  • Operating system and version: Linux Mint 21.1
  • YubiKey model and version: Yubikey 5 NFC
  • Bug description summary: Version 1.2.5 PIV does not properly display x509 certificates

Steps to reproduce
Import a certificate into any of the slots in version 1.2.4 from a PKCS#12 file and try to view this certificate in version 1.2.5.
Some details from the certificate should be visible; however, only "Malformed certificate" is visible.

Expected result
Certificate details should be visible

[What did you expect to happen when you did the above?]

Application should work in the same way as version 1.2.4 in this area.

Actual results

[What actually happened?]

Other info
When trying to export such a malformed certificate, the following is printed on the Linux terminal:

msilewicz@zenbook:~/Pobrane$ ./yubikey-manager-qt-1.2.5-linux.AppImage
Uncaught exception
Traceback (most recent call last):
  File "/tmp/.mount_yubike1yasMa/usr/lib/python3.11/site-packages/yubikit/piv.py", line 723, in get_certificate
    return x509.load_der_x509_certificate(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/.mount_yubike1yasMa/usr/lib/python3.11/site-packages/cryptography/x509/base.py", line 562, in load_der_x509_certificate
    return rust_x509.load_der_x509_certificate(data)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ValueError: error parsing asn1 value: ParseError { kind: EncodedDefault, location: ["RawCertificate::tbs_cert", "TbsCertificate::extensions", 0, "Extension::critical"] }

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "qrc:///py/yubikey.py", line 78, in wrapped
    return f(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^
  File "qrc:///py/yubikey.py", line 812, in piv_export_certificate
    cert = session.get_certificate(SLOT[slot])
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/tmp/.mount_yubike1yasMa/usr/lib/python3.11/site-packages/yubikit/piv.py", line 727, in get_certificate
    raise BadResponseError("Invalid certificate", e)
yubikit.core.BadResponseError: ('Invalid certificate', ValueError('error parsing asn1 value: ParseError { kind: EncodedDefault, location: ["RawCertificate::tbs_cert", "TbsCertificate::extensions", 0, "Extension::critical"] }'))
qml: Unmapped error: null ('Invalid certificate', ValueError('error parsing asn1 value: ParseError { kind: EncodedDefault, location: ["RawCertificate::tbs_cert", "TbsCertificate::extensions", 0, "Extension::critical"] }'))
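
What the `EncodedDefault` error at `Extension::critical` in the traceback above points to, as an added example that is not part of the original issue or of YubiKey Manager's code: DER requires a `DEFAULT` value to be omitted, so a strict parser rejects an extension that spells out `critical = FALSE`. The sketch below walks the DER by hand and lists such extensions by index and OID; the function names and the sample bytes are constructed for illustration.

```python
# Added diagnostic sketch: list X.509 extensions that encode critical=FALSE explicitly.
def tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    """Yield the TLVs that sit directly inside buf[start:end]."""
    while start < end:
        tag, vs, ve = tlv(buf, start)
        yield tag, vs, ve
        start = ve

def oid_str(raw):
    """Decode OID content bytes into dotted notation."""
    arcs, n = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        n = (n << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))

def explicit_false_critical(cert_der):
    """Return (index, OID) of extensions whose critical field is an encoded FALSE."""
    _, cs, _ = tlv(cert_der, 0)        # Certificate SEQUENCE
    _, ts, te = tlv(cert_der, cs)      # tbsCertificate SEQUENCE
    hits = []
    for tag, vs, _ in children(cert_der, ts, te):
        if tag != 0xA3:                # [3] EXPLICIT wraps the extensions
            continue
        _, es, ee = tlv(cert_der, vs)  # SEQUENCE OF Extension
        for i, (_, xs, xe) in enumerate(children(cert_der, es, ee)):
            fields = list(children(cert_der, xs, xe))
            crit = fields[1]           # BOOLEAN if present, else the OCTET STRING
            if crit[0] == 0x01 and cert_der[crit[1]:crit[2]] == b"\x00":
                hits.append((i, oid_str(cert_der[fields[0][1]:fields[0][2]])))
    return hits

def der(tag, body):  # short-form TLV builder for the constructed sample (body < 128 bytes)
    return bytes([tag, len(body)]) + body

# Constructed skeleton (not a real signed certificate): extension 0 encodes critical=FALSE.
EXTS = [der(0x06, b"\x55\x1d\x11") + der(0x01, b"\x00") + der(0x04, b"\x30\x00"),
        der(0x06, b"\x55\x1d\x13") + der(0x04, b"\x30\x00")]
SAMPLE = der(0x30, der(0x30, der(0x02, b"\x01") + der(0xA3, der(0x30, b"".join(der(0x30, e) for e in EXTS)))))
```

To check a real certificate, pass its DER bytes (not PEM) to `explicit_false_critical`; an empty list means no extension carries an encoded default.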

@msilewicz
Author

The certificate mentioned earlier is of course perfectly OK - it is not malformed.

@fdennis
Contributor

fdennis commented Mar 22, 2023

Hi,
Thanks for the report! I am not able to reproduce. Could you perhaps share a bit more information and/or steps? How are you creating the certificate and how are you importing it?

You could also try running the application through the terminal with --log-level DEBUG at the end and see if it prints any stack trace or similar when it is showing the malformed certificate.
