X.509: Enhance negative testing for CertificatePolicy extension #2836
Changes from all commits
82a1fe5
7b8330a
c15ff98
6dfa665
Using https://lapo.it/asn1js/ shows that the issue here is that the policy has an invalid CertPolicyId (30), not an invalid outer length as in the test description.
The OCTET STRING should be a SEQUENCE of Policies which themselves are SEQUENCES of PolicyIDs, and this test exercises the 'outer' SEQUENCE TLV not being well-formed.
I understand it's not being well formed, but I am not sure that it's a matter of outer length missing.
Using https://lapo.it/asn1js/ shows that the issue here is that the policy has an invalid encoding for CertPolicyId (3085), not an invalid outer length encoding as in the test description.
Same here.
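An added example (not code from this PR or from Mbed TLS) for the distinction debated in the two threads above: a minimal TLV walk over a certificatePolicies extension value that names the level at which the first defect occurs, outer SEQUENCE or CertPolicyId. The byte strings are constructed samples, not the PR's test vectors, and the function names are hypothetical.

```python
# Added example: locate the first malformed level in a certificatePolicies value.
SEQUENCE, OID = 0x30, 0x06

class DerError(ValueError):
    """Raised with a message naming the structure that failed to parse."""

def read_tlv(buf, off, end, expected_tag, where):
    """Return (value_start, value_end) of the TLV at off, bounded by end."""
    if end - off < 2:
        raise DerError(f"{where}: truncated header")
    if buf[off] != expected_tag:
        raise DerError(f"{where}: unexpected tag 0x{buf[off]:02x}")
    length, pos = buf[off + 1], off + 2
    if length & 0x80:                 # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or end - pos < n:
            raise DerError(f"{where}: bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > end - pos:
        raise DerError(f"{where}: length overruns parent")
    return pos, pos + length

def locate_defect(extn_value):
    """Return 'ok' or a message naming the first malformed level."""
    try:
        start, stop = read_tlv(extn_value, 0, len(extn_value), SEQUENCE, "outer SEQUENCE")
        if stop != len(extn_value):
            raise DerError("outer SEQUENCE: trailing bytes")
        if start == stop:
            raise DerError("outer SEQUENCE: empty")      # SIZE (1..MAX)
        i = 0
        while start < stop:
            p_start, p_stop = read_tlv(extn_value, start, stop, SEQUENCE, f"PolicyInformation[{i}]")
            read_tlv(extn_value, p_start, p_stop, OID, f"CertPolicyId[{i}]")
            # Optional policyQualifiers after the OID are not parsed in this sketch.
            start, i = p_stop, i + 1
    except DerError as e:
        return str(e)
    return "ok"

# Constructed samples: outer SEQUENCE, one PolicyInformation, one policy OID.
VALID         = bytes.fromhex("3006" "3004" "06022a03")
BAD_OUTER_LEN = bytes.fromhex("3007" "3004" "06022a03")  # outer claims 7, only 6 present
BAD_ID_TAG    = bytes.fromhex("3006" "3004" "04022a03")  # OCTET STRING where OID expected
BAD_ID_LEN    = bytes.fromhex("3006" "3004" "06052a03")  # OID length exceeds its parent

if __name__ == "__main__":
    for sample in (VALID, BAD_OUTER_LEN, BAD_ID_TAG, BAD_ID_LEN):
        print(sample.hex(), "->", locate_defect(sample))
```

Running a negative-test vector through a check like this makes it possible to match each test description to the level that actually fails.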
Is MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE the error we expect when an unknown critical extension exists? Since the certificate contains a critical unknown extension, I think the error code should be more strict than an unknown feature error (even though both are error codes that stop the parsing).
This is out of scope of this PR, but this comment is for tracking this issue.