Skip to content

Fix GH-13343: openssl_x509_parse should not allow omitted seconds in UTCTimes #14439

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Fix GH-13343: openssl_x509_parse should not allow omitted seconds in UTCTimes #14439

wants to merge 1 commit into from

Conversation

bukka
Copy link
Member

@bukka bukka commented Jun 2, 2024

This mostly reverts #2444 and adds special tests for OpenSSL 3.3 where even parsing fails for certs with ASN.1 UTCTime without seconds

Girgias
Girgias reviewed Jun 2, 2024
View reviewed changes
Copy link
Member

@Girgias Girgias left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks sensible to me, not sure what issue the initial PR fixed.

@bukka bukka mentioned this pull request Jun 2, 2024
Closed
@bukka bukka changed the base branch from master to PHP-8.2 June 2, 2024 17:06
@bukka bukka force-pushed the openssl_x509_parse_utctime_sec branch from 4511e3f to 6407c17 Compare June 2, 2024 17:06
@bukka
Copy link
Member Author

bukka commented Jun 2, 2024

Think the initial PR followed this tutorial https://obj-sys.com/asn1tutorial/node15.html but that doesn't exactly follow the actual spec. Think it might be actually ok for BER but OpenSSL is mostly DER. Currently certs with missing seconds are not decoded from OpenSSL 3.3. It wasn't fixed there as a bug for stable versions though so not 100% if we should treat it so as well. I'm targeting 8.2 but if anyone thinks that it should go only to master, I would be happy to target master only and just fix the test in stable versions.

This was referenced Jun 2, 2024
Closed
Open
@bukka bukka closed this in 98736e8 Jun 9, 2024
@bukka
Copy link
Member Author

bukka commented Jun 9, 2024

I decided to apply this only to master.

@orlitzky orlitzky mentioned this pull request Aug 3, 2024
Draft
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Girgias Girgias Girgias left review comments

Assignees
No one assigned
Labels
Extension: openssl
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bukka @Girgias