search

alecmuffett / certificate-transparency

Automatically exported from code.google.com/p/certificate-transparency
0 stars 0 forks source link

cert.subject_alternative_names or name.parse_alternative_name doesn't handle Null case #7

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 

cert.subject_alternative_name:

        general_names = self.__get_decoded_extension_value(
            x509_extension.ID_CE_SUBJECT_ALT_NAME)

       This can be none.

then it goes to 

name.py parse_alternative name

   return [GeneralName(n) for n in asn1_alternative_names_extension]

which then explodes

    return [GeneralName(n) for n in asn1_alternative_names_extension]
TypeError: 'NoneType' object is not iterable

A quick hack might be:

diff --git a/src/python/ct/crypto/name.py b/src/python/ct/crypto/name.py
index a7ef6f7..b0ceb9b 100644
--- a/src/python/ct/crypto/name.py
+++ b/src/python/ct/crypto/name.py
@@ -83,6 +83,7 @@ def parse_alternative_names(asn1_alternative_names_extension):
     Returns:
         A lit of GeneralName instances.
     """
-
+    if asn1_alternative_names_extension is None:
+        return None

or maybe

return [] 

??

Here's a sample cert to test with (it's an intermediate cert):

-----BEGIN CERTIFICATE-----
MIID1TCCAr2gAwIBAgIDAjbRMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTAwMjE5MjI0NTA1WhcNMjAwMjE4MjI0NTA1WjA8MQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOR2VvVHJ1c3QsIEluYy4xFDASBgNVBAMTC1JhcGlkU1NM
IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx3H4Vsce2cy1rfa0
l6P7oeYLUF9QqjraD/w9KSRDxhApwfxVQHLuverfn7ZB9EhLyG7+T1cSi1v6kt1e
6K3z8Buxe037z/3R5fjj3Of1c3/fAUnPjFbBvTfjW761T4uL8NpPx+PdVUdp3/Jb
ewdPPeWsIcHIHXro5/YPoar1b96oZU8QiZwD84l6pV4BcjPtqelaHnnzh8jfyMX8
N8iamte4dsywPuf95lTq319SQXhZV63xEtZ/vNWfcNMFbPqjfWdY3SZiHTGSDHl5
HI7PynvBZq+odEj7joLCniyZXHstXZu8W1eefDp6E63yoxhbK1kPzVw662gzxigd
gtFQiwIDAQABo4HZMIHWMA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUa2k9ahhC
St2PAmU5/TUkhniRFjAwHwYDVR0jBBgwFoAUwHqYaI2J+6sFZAwRfap9ZbjKzE4w
EgYDVR0TAQH/BAgwBgEB/wIBADA6BgNVHR8EMzAxMC+gLaArhilodHRwOi8vY3Js
Lmdlb3RydXN0LmNvbS9jcmxzL2d0Z2xvYmFsLmNybDA0BggrBgEFBQcBAQQoMCYw
JAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdlb3RydXN0LmNvbTANBgkqhkiG9w0B
AQUFAAOCAQEAq7y8Cl0YlOPBscOoTFXWvrSY8e48HM3P8yQkXJYDJ1j8Nq6iL4/x
/torAsMzvcjdSCIrYA+lAxD9d/jQ7ZZnT/3qRyBwVNypDFV+4ZYlitm12ldKvo2O
SUNjpWxOJ4cl61tt/qJ/OCjgNqutOaWlYsS3XFgsql0BYKZiZ6PAx2Ij9OdsRu61
04BqIhPSLT90T+qvjF+0OJzbrs6vhB6m9jRRWXnT43XcvNfzc9+S7NIgWW+c+5X4
knYYCnwPLKbK3opie9jzzl9ovY8+wXS7FXI6FoOpC+ZNmZzYV+yoAVHHb1c0XqtK
LEL2TxyJeN4mTvVvk0wVaydWTQBUbHq3tw==
-----END CERTIFICATE-----

Original issue reported on code.google.com by nickgsup...@gmail.com on 28 Sep 2013 at 7:32

GoogleCodeExporter commented 9 years ago 
Well spotted. Fixed in 
https://code.google.com/p/certificate-transparency/source/detail?r=4fadbafca80bc
a0e291e987fd61c6188a4c93fb6

Original comment by ekasper@google.com on 30 Sep 2013 at 2:30