r509 / r509-validity-crl

A status provider for r509-ocsp-responder

Error in response to a revoked certificate #3

Open Giraphe opened 6 years ago

Giraphe commented 6 years ago

Hi,

I am trying to use the r509-ocsp-responder with this project r509-validity-crl to read revoked certificates from an exported CRL. If I check the validity of a valid certificate everything works great. But if I test the validity of a certificate that is revoked in the CRL I get an error:

From client side:

openssl ocsp -issuer signer5.prod.lan.crt -CAfile ca-prod-lan.crt -cert 20180820-test1.prod.lan.crt -url http://ocsp.prod.lan:2560
Error querying OCSP responder
140402770768064:error:27076072:OCSP routines:parse_http_line1:server response error:../crypto/ocsp/ocsp_ht.c:260:Code=500,Reason=Internal Server Error

From server side:

I, [2018-09-05T16:39:02.112985 #15705]  INFO -- : POST Request: MHAwbjBHMEUwQzAJBgUrDgMCGgUABBRPn4Xvbns+uY0RFkVYm68BhKeX7QQU24bizBCOLxhDqOMLaL2aTrThbVwCChn/T28sZ81EGoSiIzAhMB8GCSsGAQUFBzABAgQSBBCmDWyyjk3o7eHf4vzXAahR
I, [2018-09-05T16:39:02.114076 #15705]  INFO -- : /C=MC/ST=Monaco/L=Monaco/O=DRS/CN=signer5.prod.lan found for issuer
E, [2018-09-05T16:39:02.114618 #15705] ERROR -- : unexpected error no implicit conversion of String into Integer
2018-09-05 16:39:02 - TypeError - no implicit conversion of String into Integer:
    /var/lib/gems/2.3.0/gems/r509-ocsp-responder-0.3.3/lib/r509/ocsp/signer.rb:197:in `add_status'
    /var/lib/gems/2.3.0/gems/r509-ocsp-responder-0.3.3/lib/r509/ocsp/signer.rb:197:in `block in create_basic_response'
    /var/lib/gems/2.3.0/gems/r509-ocsp-responder-0.3.3/lib/r509/ocsp/signer.rb:191:in `each'
    /var/lib/gems/2.3.0/gems/r509-ocsp-responder-0.3.3/lib/r509/ocsp/signer.rb:191:in `create_basic_response'
    /var/lib/gems/2.3.0/gems/r509-ocsp-responder-0.3.3/lib/r509/ocsp/signer.rb:42:in `handle_request'
    /var/lib/gems/2.3.0/gems/r509-ocsp-responder-0.3.3/lib/r509/ocsp/responder/server.rb:89:in `handle_ocsp_request'
    /var/lib/gems/2.3.0/gems/r509-ocsp-responder-0.3.3/lib/r509/ocsp/responder/server.rb:80:in `block in <class:Server>'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1635:in `call'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1635:in `block in compile!'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:992:in `block (3 levels) in route!'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1011:in `route_eval'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:992:in `block (2 levels) in route!'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1040:in `block in process_route'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1038:in `catch'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1038:in `process_route'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:990:in `block in route!'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:989:in `each'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:989:in `route!'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1097:in `block in dispatch!'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `block in invoke'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `catch'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `invoke'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1094:in `dispatch!'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:924:in `block in call!'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `block in invoke'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `catch'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1076:in `invoke'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:924:in `call!'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:913:in `call'
    /var/lib/gems/2.3.0/gems/rack-2.0.5/lib/rack/null_logger.rb:9:in `call'
    /var/lib/gems/2.3.0/gems/rack-2.0.5/lib/rack/head.rb:12:in `call'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:194:in `call'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1958:in `call'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1502:in `block in call'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1729:in `synchronize'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:1502:in `call'
    /var/lib/gems/2.3.0/gems/rack-2.0.5/lib/rack/tempfile_reaper.rb:15:in `call'
    /var/lib/gems/2.3.0/gems/rack-2.0.5/lib/rack/lint.rb:49:in `_call'
    /var/lib/gems/2.3.0/gems/rack-2.0.5/lib/rack/lint.rb:37:in `call'
    /var/lib/gems/2.3.0/gems/rack-2.0.5/lib/rack/show_exceptions.rb:23:in `call'
    /var/lib/gems/2.3.0/gems/rack-2.0.5/lib/rack/common_logger.rb:33:in `call'
    /var/lib/gems/2.3.0/gems/sinatra-2.0.3/lib/sinatra/base.rb:231:in `call'
    /var/lib/gems/2.3.0/gems/rack-2.0.5/lib/rack/chunked.rb:54:in `call'
    /var/lib/gems/2.3.0/gems/rack-2.0.5/lib/rack/content_length.rb:15:in `call'
    /var/lib/gems/2.3.0/gems/puma-3.12.0/lib/puma/configuration.rb:225:in `call'
    /var/lib/gems/2.3.0/gems/puma-3.12.0/lib/puma/server.rb:658:in `handle_request'
    /var/lib/gems/2.3.0/gems/puma-3.12.0/lib/puma/server.rb:472:in `process_client'
    /var/lib/gems/2.3.0/gems/puma-3.12.0/lib/puma/server.rb:332:in `block in run'
    /var/lib/gems/2.3.0/gems/puma-3.12.0/lib/puma/thread_pool.rb:133:in `block in spawn_thread'
**E, [2018-09-05T16:39:02.119184 #15705] ERROR -- : #<TypeError: no implicit conversion of String into Integer>
E, [2018-09-05T16:39:02.119378 #15705] ERROR -- : /var/lib/gems/2.3.0/gems/r509-ocsp-responder-0.3.3/lib/r509/ocsp/signer.rb:197:in `add_status'**
172.22.1.8 - - [05/Sep/2018:16:39:02 +0200] "POST / HTTP/1.0" 500 64 0.0094

The server does not crash; it simply responds with an internal server error.

I believe the syntax has evolved since 2014.

Thanks

Raphaël

reaperhulk commented 6 years ago

Looks like there's a type issue. Probably relatively simple to fix and I'd be happy to take a patch to fix it but otherwise this project is unmaintained at the moment since no one has expressed interest in taking it over.

Giraphe commented 6 years ago

Hi Paul,

Thanks for your answer,

There were in effect 2 minor updates to make. As I am not a developer and I don't know Ruby, this has taken some time :) The file to modify is in the r509-ocsp-responder project: r509-ocsp-responder-0.3.3/lib/r509/ocsp/signer.rb

The patch file gives the changes to avoid the internal error that appeared while the certificate was revoked.

Thanks

Raphaël

On Wed, 5 Sept 2018 at 17:02, Paul Kehrer notifications@github.com wrote:

Looks like there's a type issue. Probably relatively simple to fix and I'd be happy to take a patch to fix it but otherwise this project is unmaintained at the moment since no one has expressed interest in taking it over.

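The trace above stops at the `add_status` call in signer.rb, and Ruby's `OpenSSL::OCSP::BasicResponse#add_status` requires an Integer revocation reason. The following is an added illustration, not the patch mentioned in this thread and not r509 code: it assumes the status provider hands back the CRL reason as text, and `normalize_reason`, `REASON_CODES` and the sample certificate are hypothetical or constructed for the example.

```ruby
require "openssl"

# RFC 5280 CRLReason codes, keyed by lower-cased letters-only reason text.
# The textual spellings are an assumption about what a CRL reader returns.
REASON_CODES = {
  "unspecified" => 0, "keycompromise" => 1, "cacompromise" => 2,
  "affiliationchanged" => 3, "superseded" => 4,
  "cessationofoperation" => 5, "certificatehold" => 6
}.freeze

# Hypothetical helper: coerce whatever the status provider returned to an
# Integer. Unknown text falls back to 0 (unspecified) so the revoked answer
# is still sent instead of an HTTP 500.
def normalize_reason(reason)
  return reason if reason.is_a?(Integer)
  text = reason.to_s.strip
  return text.to_i if text =~ /\A\d+\z/
  REASON_CODES.fetch(text.downcase.gsub(/[^a-z]/, ""), 0)
end

# Constructed self-signed certificate, used as both subject and issuer.
def sample_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  name = OpenSSL::X509::Name.parse("/CN=constructed-example")
  cert.subject = name
  cert.issuer = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
end

# Add one revoked entry and return the [status, reason] the response stores.
def revoked_entry(reason)
  cert = sample_cert
  cid = OpenSSL::OCSP::CertificateId.new(cert, cert)
  basic = OpenSSL::OCSP::BasicResponse.new
  basic.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_REVOKED,
                   reason, Time.now - 30, 0, 3600, [])
  basic.status.first[1, 2]
end

# True when a textual reason passed straight through raises TypeError.
def raw_string_reason_fails?
  revoked_entry("Key Compromise")
  false
rescue TypeError
  true
end
```

A responder that answers 500 only for revoked serials leaves relying parties without a signed revoked status, so this path is worth a regression test of its own.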