cacert certificate rejected by unpackCertificate

armijnhemel / binaryanalysis-ng

Binary Analysis Next Generation (BANG)

GNU Affero General Public License v3.0

461 stars 66 forks source link

cacert certificate rejected by unpackCertificate #23

Open timhemel opened 5 years ago

timhemel commented 5 years ago

The archive at https://archive.synology.com/download/DSM/release/6.2.1/23824/DSM_DS112+_23824.pat contains a certificate file that is unpacked to

unpack/DSM_DS112+_23824.pat-tar-1/hda1.tgz-xz-1/unpacked-from-xz-tar-1/usr/lib/python2.7/ensurepip/_bundled/pip-8.1.1-py2.py3-none-any.whl-zip-1/pip/_vendor/requests/cacert.pem

unpackCertificate rejects this file and says that it is not a certificate.

timhemel commented 5 years ago

The error is when unpacking by extension:

FAIL DSM_DS112+_23824.pat-tar-1/hda1.tgz-xz-1/unpacked-from-xz-tar-1/usr/lib/python2.7/ensurepip/_bundled/pip-8.1.1-py2.py3-none-any.whl-zip-1/pip/_vendor/requests/cacert.pem known extension .pem: not a valid certificate (no begin)

At the same time, it extracts 166 certificates from this file, which are the certificates in this file.

armijnhemel commented 5 years ago

The two possibilities that are tried both give errors:

$ openssl asn1parse -inform DER -in cacert.pem 0:d=0 hl=2 l= 35 prim: ENUMERATED :204973737565723A204F3D45717569666178204F553D45717569666178205365637572 37:d=0 hl=2 l= 32 cons: appl [ 5 ]
Error in encoding 139851339802432:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:crypto/asn1/asn1_lib.c:91:

$ openssl asn1parse -inform PEM -in cacert.pem Error: offset out of range

meaning that likely another command needs to be used for it instead of asn1parse.