search

mozilla / crlite

WebPKI-level Certificate Revocation via Multi-Level Bloom Filter Cascade
http://www.cs.umd.edu/~dml/papers/crlite_oakland17.pdf
Mozilla Public License 2.0
77 stars 6 forks source link

will not process revocations: asn1: syntax error: data truncated #36

Closed jcjones closed 4 years ago

jcjones commented 4 years ago

Related to #18 - This dropped the issuer out of CRLite:

  subject = SERIALNUMBER=ZZZZZZA3,CN=Siemens Issuing CA EE Enc 2016,OU=Siemens Trust Center,O=Siemens,L=Muenchen,ST=Bayern,C=DE
  public_key_hash = 27n7khZ5-Np87z6aLw4RQRXZ3DgzlUK97JppGYxBCL4=
  * enrolled = {'20191125-0-enrolled.json': False, '20191125-1-enrolled.json': True, '20191125-3-enrolled.json': True}

E1125 00:02:34.352169 12 aggregate-crls.go:187] [/processing/crls/27n7khZ5-Np87z6aLw4RQRXZ3DgzlUK97JppGYxBCL4=/ch.siemens.com-pki-46665e724f21de91.crl] Error parsing, will not process revocations: asn1: syntax error: data truncated

We should figure out how to be safer when this kind of error happens.

jcjones commented 4 years ago

This was probably fixed at the same time as #18, but let's leave this open until we analyze newer logs

jcjones commented 4 years ago

Searching 7 days of logs finds no incidence of asn1: syntax error: nor data truncated