jfromaniello / selfsigned

Generate self-signed certificates from node.js
MIT License

Update node forge #20

Closed sandrinodimattia closed 6 years ago

sandrinodimattia commented 6 years ago

This PR will update node-forge to the latest 0.7 release in order to fix this kind of error with the self-signed certificates: https://github.com/openssl/openssl/issues/4320

Steps to reproduce can be found here: https://gist.github.com/sandrinodimattia/8ef6094325e7254473a16925898ab0a1

Running the script with node-forge@0.6.33 results in this type of output (it can take some time before the error shows):

Validating 4
Validating 5
Validating 6
Validating 7
Validating 8
Validating 9
Validating 10
Validating 11
Validating 12
Validating 13
Validating 14
Validating 15
Validating 16
Validating 17
Validating 18
Validating 19
Validating 20
Validating 21
unable to load certificate
140735992324928:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal padding:crypto/asn1/a_int.c:187:
140735992324928:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:609:Field=serialNumber, Type=X509_CINF
140735992324928:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:609:Field=cert_info, Type=X509
140735992324928:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:

Now, with the node-forge update to 0.7.1, there are no errors at all (after generating and validating 10.000 certs).

Note: I had to update the tests for pkcs7. The output from node-forge and OpenSSL 1.1 is slightly different, so instead of just comparing the output I use OpenSSL to convert the pkcs7 file to a cert and compare that cert to the generated cert.
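
The `illegal padding` error at `Field=serialNumber` in the output above is OpenSSL rejecting a DER INTEGER whose leading 0x00 or 0xff byte is redundant. The following check is an added example, not part of the PR or of selfsigned or node-forge: it walks a DER certificate to its serialNumber and applies that padding rule. The function names are hypothetical, and `skeleton` builds constructed test input rather than a real certificate.

```javascript
// Read one DER TLV header at `off`; returns the tag, content offset and length.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error('truncated DER');
  const tag = buf[off];
  let len = buf[off + 1];
  let start = off + 2;
  if (len & 0x80) { // long-form length: low 7 bits give the number of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new Error('bad DER length');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (start + len > buf.length) throw new Error('truncated DER');
  return { tag, start, len };
}

// Certificate SEQUENCE -> tbsCertificate SEQUENCE -> optional [0] version -> INTEGER
function serialBytes(der) {
  const cert = readTlv(der, 0);
  if (cert.tag !== 0x30) throw new Error('not a DER SEQUENCE');
  const tbs = readTlv(der, cert.start);
  if (tbs.tag !== 0x30) throw new Error('tbsCertificate not found');
  let field = readTlv(der, tbs.start);
  if (field.tag === 0xa0) field = readTlv(der, field.start + field.len);
  if (field.tag !== 0x02) throw new Error('serialNumber INTEGER not found');
  return der.subarray(field.start, field.start + field.len);
}

// A leading 0x00 or 0xff is redundant padding when the next byte's top bit
// already carries the same sign; strict decoders reject that encoding.
function serialPaddingOk(der) {
  const s = serialBytes(der);
  if (s.length === 0) return false;
  if (s.length === 1) return true;
  const isPad = s[0] === 0x00 || s[0] === 0xff;
  return !(isPad && (s[0] & 0x80) === (s[1] & 0x80));
}

// Constructed skeleton, NOT a real certificate: only the DER needed to reach
// serialNumber (v3 version field followed by the serial, short lengths only).
function skeleton(serialHex) {
  const serial = Buffer.from(serialHex, 'hex');
  const tbs = Buffer.concat([Buffer.from('a003020102', 'hex'),
    Buffer.from([0x02, serial.length]), serial]);
  return Buffer.concat([Buffer.from([0x30, tbs.length + 2, 0x30, tbs.length]), tbs]);
}
```

To check a PEM file, base64-decode the body between the BEGIN/END lines into a Buffer and pass it to `serialPaddingOk`.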