Exporting a cert to DER creates an invalid encoding
Categories
(Core :: Security: PSM, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox72 | --- | fixed |
People
(Reporter: kevin.kevinhart, Assigned: keeler)
Details
(Whiteboard: [psm-assigned])
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Steps to reproduce:
Used the certificate viewer, "Details" tab, "Export" button and selected "X.509 Certificate (DER)" or "X.509 Certificate (PKCS#7)" for "save as type".
Actual results:
The exported DER file appears to be invalid. The first two bytes are 0x30, 0xC2, which would indicate a SEQUENCE that is so long it takes 66 bytes to encode its length.
If I try to parse it with openssl, I get
139808150917568:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:../crypto/asn1/asn1_lib.c:101:
(OpenSSL 1.1.0g 2 Nov 2017)
Possibly related to 1439939
Expected results:
A valid DER file should have been created. The PEM file that is created is fine, and using openssl to create a DER file from the exported PEM file produces
Updated•5 years ago
|
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
|
||
OS.File.writeAtomic expects either a utf-8 string or a typed array. This patch
fixes instances in pippki.js in certificate export where this was not
guaranteed to be the case. It also extends the test for this functionality to
cover more cases.
Pushed by dkeeler@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/94f423368ebd pass a typed array to OS.File.writeAtomic in certificate export r=Gijs
Comment 3•5 years ago
|
||
bugherder |
Description
•