Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

Error: Too few bytes to read ASN.1 value. #4134

Open cadegenn opened 2 years ago

cadegenn commented 2 years ago

Describe the bug

Upgrade to version 1.0.36 throws this error:

/opt/meshcentral/node_modules/node-forge/lib/asn1.js:508
      throw error;
      ^

Error: Too few bytes to read ASN.1 value.
    at _fromDer (/opt/meshcentral/node_modules/node-forge/lib/asn1.js:504:19)
    at Object.asn1.fromDer (/opt/meshcentral/node_modules/node-forge/lib/asn1.js:458:15)
    at openFile (/opt/meshcentral/node_modules/meshcentral/authenticode.js:294:39)
    at Object.createAuthenticodeHandler (/opt/meshcentral/node_modules/meshcentral/authenticode.js:1289:13)
    at Object.CreateMeshCentralServer.obj.updateMeshAgentsTable (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:2908:75)
    at Object.CreateMeshCentralServer.obj.StartEx4 (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:1620:13)
    at Object.CreateMeshCentralServer.obj.StartEx3 (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:1568:17)
    at /opt/meshcentral/node_modules/meshcentral/meshcentral.js:1480:21
    at Object.obj.GetMeshServerCertificate (/opt/meshcentral/node_modules/meshcentral/certoperations.js:986:43)
    at Object.CreateMeshCentralServer.obj.StartEx2 (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:1477:35) {
  available: 3084,
  remaining: 3084,
  requested: 3085
}

Odd is that another server with the same version seems to be running fine. They do not have the same certificate.

The certificate is valid and has not changed for a couple of months.

Server Software (please complete the following information):

Additional context

I use this docker image -> https://hub.docker.com/layers/vegardit/meshcentral/1.0.x/images/sha256-13042a89fb3e5da3dde8d0c2e6eae7c92642713f505a4bdf00fcec5ca90f1a8c?context=explore

Can you point me to the right direction of the error please ? I am aware it may not be meshcentral's fault, I'm just investigating to debug the server.

Thank you very much

Ylianst commented 2 years ago

Looking into this one now.

Ylianst commented 2 years ago

I just put in a fix for this, will be in MeshCentral v1.0.37

cadegenn commented 2 years ago

Hi, thank you for investigating this issue. I just tried MeshCentral v1.0.38 this morning, still same error.

cadegenn commented 2 years ago

It seems a certificate cannot be read correctly. How do I know which certificate is causing this error ? I can't see in the log file any info about it.

Ylianst commented 2 years ago

Is it exactly the same error with exactly the same line numbers? If not, can you post the new error? I will work on it today. Thanks.

cadegenn commented 2 years ago

Hi, the error just now (from mesherrors.txt) :

-------- 6/21/2022, 8:12:22 AM ---- 1.0.38 --------

/opt/meshcentral/node_modules/node-forge/lib/asn1.js:508
      throw error;
      ^

Error: Too few bytes to read ASN.1 value.
    at _fromDer (/opt/meshcentral/node_modules/node-forge/lib/asn1.js:504:19)
    at Object.asn1.fromDer (/opt/meshcentral/node_modules/node-forge/lib/asn1.js:458:15)
    at Object.obj.sign (/opt/meshcentral/node_modules/meshcentral/authenticode.js:1266:39)
    at Object.CreateMeshCentralServer.obj.signMeshAgents (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:2942:35)
    at Object.CreateMeshCentralServer.obj.StartEx4 (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:1620:13)
    at Object.CreateMeshCentralServer.obj.StartEx3 (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:1568:17)
    at /opt/meshcentral/node_modules/meshcentral/meshcentral.js:1480:21
    at Object.obj.GetMeshServerCertificate (/opt/meshcentral/node_modules/meshcentral/certoperations.js:986:43)
    at Object.CreateMeshCentralServer.obj.StartEx2 (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:1477:35)
    at /opt/meshcentral/node_modules/meshcentral/meshcentral.js:1469:21 {
  available: 3084,
  remaining: 3084,
  requested: 3085
}

You can review our public certificate at https://meshcentral.calypso.univ-lr.fr if you want to see what could be wrong with it. Thank you very much

Ylianst commented 2 years ago

I added more error handling in authenticode-js, but that will just fail and continue, not fix the problem. I can't get your certificate using the link provided, but feel free to mail me only the public portion of the certificate, my contact info is here. Can you mail me exactly the certificate file you have in "meshcentral-data", that is the exact same file name and content (removing any private keys and put XXXXX instead). That way, I can see if there is a parsing error. Thanks.

cadegenn commented 2 years ago

Thank you. New error backtrace is

-------- 6/22/2022, 7:58:11 AM ---- 1.0.39 --------

/opt/meshcentral/node_modules/node-forge/lib/asn1.js:508
      throw error;
      ^

Error: Too few bytes to read ASN.1 value.
    at _fromDer (/opt/meshcentral/node_modules/node-forge/lib/asn1.js:504:19)
    at Object.asn1.fromDer (/opt/meshcentral/node_modules/node-forge/lib/asn1.js:458:15)
    at Object.obj.sign (/opt/meshcentral/node_modules/meshcentral/authenticode.js:1294:39)
    at Object.CreateMeshCentralServer.obj.signMeshAgents (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:2979:39)
    at Object.CreateMeshCentralServer.obj.StartEx4 (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:1620:13)
    at Object.CreateMeshCentralServer.obj.StartEx3 (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:1568:17)
    at /opt/meshcentral/node_modules/meshcentral/meshcentral.js:1480:21
    at Object.obj.GetMeshServerCertificate (/opt/meshcentral/node_modules/meshcentral/certoperations.js:986:43)
    at Object.CreateMeshCentralServer.obj.StartEx2 (/opt/meshcentral/node_modules/meshcentral/meshcentral.js:1477:35)
    at /opt/meshcentral/node_modules/meshcentral/meshcentral.js:1469:21 {
  available: 3084,
  remaining: 3084,
  requested: 3085
}

the public part of the certificate is attached to this message. calypso.univ-lr.fr.txt

silversword411 commented 2 years ago

Looks like fun

https://docs.microsoft.com/en-us/windows/win32/seccertenroll/about-introduction-to-asn-1-syntax-and-encoding

Ylianst commented 2 years ago

I found a root cause of this issue and fixed it. MeshCentral v1.0.40 is now published and should work. Let me know if it works for you.

edjayz commented 2 years ago

After the update, I have this warning:

ATTENTION: Failed to sign agent MeshService.exe: Error: Too few bytes to read ASN.1 value.
ATTENTION: Failed to sign agent MeshService64.exe: Error: Too few bytes to read ASN.1 value.

Ylianst commented 2 years ago

"After the update" - What version are you running now?

edjayz commented 2 years ago

Hello Ylianst, I was on 1.0.26 yesterday and updated MeshCentral to 1.0.39. I encountered the same error as the person who opened the topic. I rolled back my container on Debian 11, then I updated from 1.0.26 to 1.0.40, which gave me this error.

cadegenn commented 2 years ago

Thank you very much for this new version. I can login again and access all my clients previously connected to meshcentral. Though it seems to work, I get the same error as @edjayz in the server status page. (I confirm my server is 1.0.40) What are the consequences of the error ? Can we still deploy agent on new clients ?

LPJon commented 2 years ago

@Ylianst I can also confirm. My server is version 1.0.50

LPJon commented 2 years ago

@Ylianst This seems to be related to the "Title" section of the domain in the config.json using characters that are not allowed. Mine has the ® and (Laptop Pitstop® Hyper Connect™) in my domain title so it is trying to put it into the

"desc":"Laptop Pitstop® Hyper Connect™"

field which authenticode.js does not know how to handle.

LPJon commented 2 years ago

After removing those two characters the agent signing went just fine and the error is gone.
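A pre-flight check for the condition reported above, as an added example that is not part of the thread and not MeshCentral code: it lists domain titles containing characters outside printable ASCII before the server tries to sign agents. The `domains` / `title` layout and the sample config are assumptions made for illustration; the thread does not establish the exact parsing failure inside authenticode.js.

```javascript
// Added example: flag domain titles that contain non-ASCII characters.
// Assumed layout: config.domains is an object keyed by domain id, and each
// entry may carry a "title" string (the field named in the thread).

// Returns one finding per domain whose title has characters outside
// printable ASCII (0x20-0x7E), with each offending character's code point.
function findNonAsciiTitles(config) {
  const findings = [];
  for (const [domainId, domain] of Object.entries(config.domains || {})) {
    if (!domain || typeof domain.title !== 'string') continue;
    const offending = [];
    // Iterate by code point so a surrogate pair is reported as one character.
    for (const ch of domain.title) {
      const cp = ch.codePointAt(0);
      if (cp < 0x20 || cp > 0x7e) {
        const hex = cp.toString(16).toUpperCase().padStart(4, '0');
        offending.push({ char: ch, codePoint: 'U+' + hex });
      }
    }
    if (offending.length > 0) {
      findings.push({
        domain: domainId === '' ? '(default)' : domainId,
        title: domain.title,
        offending,
        // Character count and UTF-8 byte count differ for these titles,
        // which matters to any length-prefixed encoding such as DER.
        chars: domain.title.length,
        utf8Bytes: Buffer.byteLength(domain.title, 'utf8'),
      });
    }
  }
  return findings;
}

// Constructed sample config; the first title is the one quoted in the thread.
const sampleConfig = {
  domains: {
    '': { title: 'Laptop Pitstop® Hyper Connect™' },
    branch: { title: 'Branch Office' },
    lab: { title: 'Serviço' },
  },
};

for (const f of findNonAsciiTitles(sampleConfig)) {
  const list = f.offending.map((o) => `${o.char} (${o.codePoint})`).join(', ');
  console.log(`domain ${f.domain}: "${f.title}" -> ${list}`);
}
```

To check a real server, pass the parsed contents of its config.json to `findNonAsciiTitles` instead of the sample object.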

edjayz commented 2 years ago

Hello, I have tested your solution and it works. Thank you and Ylianst :-)

LPJon commented 2 years ago

@Ylianst Is there any way to allow these characters to be entered on the description of executables when signed with authenticode.js?

aleJohnny commented 1 year ago

I can confirm that I only see this error message when using a character that is not allowed. I was using a ç in the title; although it didn't show any noticeable problem with clients in general, it was causing the error message. After changing it to c, the problem was solved.

Maybe it is something related to how the file is encoded? I didn't try, because for me it's fine, but that could be the problem.

dinger1986 commented 7 months ago

@si458 @silversword411 maybe needs docs and can be closed?