Comments (10)
Released in v1.23.3
from jc.
Thank you for reporting this! I’ll see if there is a fix for this in the upstream library, otherwise I may need to figure this out. I won’t be able to get to this for a few days.
from jc.
Not sure if this is relevant:
wbond/asn1crypto#144
from jc.
I don't think it is directly related, but I did some more digging and found RFC 5280 7.5 that states that internationalized domain names must be converted to an ascii-compatible format.
This means this is not a bug with jc. Whoever is generating these certificates is just not adhering to the RFC.
One might still want to consider a way to gracefully handle incorrect encodings, maybe a parser argument.
For my usecase, a full stop because of one incorrectly encoded field is not good, I'd rather have the fields that could be decoded and some sort of warning about the invalid one.
from jc.
Yep, I think we can definitely do something like that.
from jc.
Awesome! Thanks a lot for the quick responses!
from jc.
I have a fix in the dev
branch that allows for less-strict parsing of email addresses. Email addresses that don't meet the spec will be decoded into a bytestring and a warning message will be printed to STDERR.
% cat x509-cert-bad-email.pem | jc --x509-cert
Invalid email address found: m\xe4x@m\xfcstermann.de
[{"tbs_certificate":{"version":"v1","serial_number":"","signature":{"algorithm":"sha512_rsa","parameters":null},"issuer":{"country_name":"DE","state_or_province_name":"stateOrProvinceName","locality_name":"localityName","organization_name":"organizationName","organizational_unit_name":"organizationUnitName","common_name":"commonName","email_address":"emailAddress"},"validity":{"not_before":1686181858,"not_after":2001541858,"not_before_iso":"2023-06-07T23:50:58+00:00","not_after_iso":"2033-06-04T23:50:58+00:00"},"subject":{"country_name":"DE","state_or_province_name":"stateOrProvinceName","locality_name":"localityName","organization_name":"organizationName","organizational_unit_name":"organizationUnitName","common_name":"commonName","email_address":"emailAddress"},"subject_public_key_info":{"algorithm":{"algorithm":"rsa","parameters":null},"public_key":{"modulus":"aa:72:23:53:97:a6:e4:4e:7b:08:82:35:a5:3d:3a:83:f9:63:38:07:df:b8:38:61:7f:99:92:c8:31:6f:7f:ac:91:a4:47:64:7e:f9:2f:e0:9e:fd:d6:35:ee:50:78:55:47:fa:63:d4:b9:64:dc:d6:1d:f6:d6:67:4f:45:d1:96:81:3b:28:28:5f:c7:91:2f:a3:d5:a2:8d:3b:a0:21:91:25:6b:a9:40:5c:a4:8d:66:17:2a:3f:6e:61:74:fb:f4:35:25:e1:d1:64:aa:15:6c:6d:33:b6:f9:07:f2:a2:29:83:1c:b1:e5:97:3b:3e:14:ea:48:d6:c7:31:ea:3a:79:c1:28:a0:a7:ea:a6:7e:cf:c7:a3:00:d5:0d:70:00:f4:34:28:ab:f6:a3:80:7a:6f:01:9c:43:4a:a8:37:13:16:11:8f:e2:57:80:1d:df:50:4f:a3:2b:35:d9:d2:7d:1e:b6:b1:e4:b5:86:f2:a3:1c:63:c0:c2:e9:3e:f0:cf:23:e8:33:b4:da:ee:59:73:e9:94:16:1b:dd:33:8a:44:31:de:36:e2:58:1f:0e:75:fd:54:4b:6d:83:5f:a6:a1:dc:b6:1d:fc:45:1d:c9:1b:7a:01:d6:cc:0c:3d:1a:96:8b:0d:3b:20:a8:40:07:e0:c5:df:ad:1a:a2:86:47:f9:ca:f6:c5:a8:99:b8:60:e8:e2:09:ea:f5:0e:97:86:07:a6:ac:50:6b:19:06:f4:37:39:9a:0d:65:bb:89:e6:ae:eb:f3:a9:cd:72:c3:31:36:ef:ac:90:48:19:d0:84:df:b2:6d:9d:ef:6c:fd:9a:ff:3c:26:68:72:80:c2:c0:40:04:ba:84:39:69:5c:e9:b1:10:98:61:3d:1a:5c:a8:9e:79:48:2e:51:d0:c3:69:27:74:c1:ef:e2:98:2a:38:3c:6e:ea:7e:36:75:d3:3c:12:f5:cd:b2:a0:8a:0a:19:68:59:30:15:e3:cf:d3:4b:f4:99:a1:5a:3c:1f:c0:34:a3:e0:88:7a:44:6d:27:a9:87:2f:91:71:b4:c7:bb:c7:01:e2:fa:53:ef:09:1b:46:7b:df:52:f8:7a:cf:03:36:f9:b6:ce:a1:1c:3f:65:46:f8:13:cd:ac:9a:e2:19:43:26:b7:4a:2b:bd:da:94:d1:18:26:41:6e:19:2d:e1:6f:df:c4:c1:43:f6:8e:1e:99:d9:da:b2:8a:58:5e:5e:e8:a9:0c:4c:1d:a0:0f:50:b8:79:4b:3a:8a:4d:7a:7f:f4:10:b3:e8:d6:41:ec:57:e3:d1:c0:e1:fc:50:20:1c:f5:ad:84:a8:f6:af:2e:f4:cb:45:b7:4a:40:af:63:66:39:9b:73","public_exponent":65537}},"issuer_unique_id":null,"subject_unique_id":null,"extensions":[{"extn_id":"subject_alt_name","critical":false,"extn_value":["m\\xe4x@m\\xfcstermann.de"]}],"serial_number_str":"0"},"signature_algorithm":{"algorithm":"sha512_rsa","parameters":null},"signature_value":"78:ca:9f:d4:e7:e0:e9:95:6d:99:8f:ba:ca:69:ff:bd:2e:db:9f:4b:15:e5:ea:b8:c2:58:16:29:c2:2d:24:a3:62:36:91:61:ec:4b:99:e4:09:f9:a9:9b:fa:03:73:c1:ea:05:a9:ef:29:28:29:f6:00:aa:82:f8:53:1c:f0:6e:c0:87:ad:b2:93:24:ae:ba:56:f8:1c:62:54:23:d4:d5:66:a5:e1:36:cd:48:13:ad:fd:7b:4d:ff:c1:ee:de:fe:2f:d9:af:0e:82:7b:b0:58:2d:0c:e5:86:70:97:40:a5:ee:99:9a:96:59:14:8b:63:37:c5:04:07:17:58:04:56:d3:d9:71:a8:9c:c3:2f:21:77:19:ac:4d:95:83:f1:9f:91:0c:a3:8b:9c:1d:0e:0a:45:ed:e2:84:f9:57:6a:fa:5b:20:a8:15:26:d2:d8:34:2a:60:a7:d3:54:70:71:c3:17:aa:d7:3d:65:f5:5f:4e:a9:41:a2:e3:a7:c0:b4:5e:af:0b:48:64:f5:3a:08:0b:ec:c3:77:42:f8:13:19:45:19:7f:f8:09:79:1b:32:e2:9c:c2:91:b3:8d:e0:f4:e5:3f:9d:36:ae:22:a4:a8:d1:53:5b:c6:e3:ff:cb:a3:c0:47:ef:fd:b6:08:07:7a:97:1b:bf:cf:08:e0:5d:d1:4a:19:8a:14:c2:22:d0:79:b7:dc:76:d2:35:08:40:f8:33:80:8e:91:39:16:89:f5:51:18:d7:09:62:8d:47:ed:c6:e6:07:9d:d4:a8:3c:7a:df:e0:0d:bb:9a:a8:42:44:59:5d:f7:7b:f7:53:54:5f:0b:7f:1b:65:8d:df:bd:78:c9:e5:f8:57:e3:6b:e7:1f:d4:20:20:c3:0a:18:e2:6e:fa:10:e8:49:54:c7:25:6e:a1:5d:28:5f:45:f2:f1:c5:52:0e:28:c6:64:3a:4b:a6:d2:aa:66:e3:4d:fd:b2:3d:9c:30:b5:35:85:c8:44:93:53:f6:98:21:22:7c:36:8d:12:d9:d2:05:84:d0:22:b6:db:92:59:81:ea:26:3f:53:7b:a8:e8:34:c6:64:21:c0:e6:5b:3e:2b:23:6a:8b:dd:2d:63:25:46:ab:e7:a5:e4:1c:53:f0:e5:46:bb:80:17:da:ee:45:cf:da:34:34:3c:f4:61:a4:9e:00:92:a0:72:42:52:d9:9c:31:d0:90:6d:a7:90:53:9c:6a:49:83:55:f8:45:4a:1b:0c:da:65:1b:a3:d4:8c:b2:36:88:c3:c9:e2:ac:e2:93:e6:7c:fc:f6:e6:1b:35:21:26:d6:75:32:dc:98:dd:ba:7d:90:d8:48:25:36:7b:2e:f6:a1:72:bd:01"}]
This is ready to ship in the next release.
from jc.
Thanks a lot for the fix!
I can't think of any good way to report the warning back to the caller when used in code, but I guess one would just need to check the email address afterwards.
It is not repressed by the quiet
argument though, is that intended?
from jc.
I would have liked to have more control over how the warning message is presented, but since this is an external library I'm not able to (without some effort) inject the --quiet
state into the library or have it use the standard warning library used in jc
to print the message. Maybe I'll take another look and see if it's not too hard to do with a global variable or something.
from jc.
I was able to get the quiet
option working in the latest dev
commit.
from jc.
Related Issues (20)
- [new parser request] .srt subtitle file HOT 3
- Line by line parsing HOT 7
- [BUG?] Bluetoothctl Not Parsing Correctly HOT 7
- Proposal for `proc/net/tcp` Parser HOT 2
- Proposal for ''ip route'' Parser HOT 6
- [Feature] Add support for parsing WiFi from NetworkManager HOT 8
- New parser for ```find``` HOT 2
- Proposal "lsb_release -a" parser HOT 5
- Support for AWS key[name]/value format HOT 2
- --bluetoothctl option missing on Kali Linux installation? HOT 2
- Proposal `ansible-playbook --list-tags` parser HOT 4
- pidstat bug with two output tables HOT 6
- New parser request: curl --head HOT 5
- x509 parser crashes for certificates with negative serial number HOT 2
- netstat parser crashes for programs on UDP containing space HOT 3
- bug in handling multiline vars in the "env" parser HOT 3
- jc does not retain letter case of keys when converting from .ini to .json HOT 12
- New parser request: S.M.A.R.T. like smartmontools v7. HOT 7
- Issue parsing destination-unreachable ping on Ubuntu 22.04 HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jc.