failed to parse some pkcs7 cert

sassoftware / relic

Relic is a service and a tool for adding digital signatures to operating system packages for Linux and Windows

Apache License 2.0

151 stars 41 forks source link

failed to parse some pkcs7 cert #11

Closed virusdefender closed 3 years ago

virusdefender commented 3 years ago

explorer.exe.zip

the error message is

 asn1: structure error: tags don't match (16 vs {class:2 tag:1 length:719 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} certificate @4

mtharp commented 3 years ago

Thanks for the report. It looks like Microsoft is adding an extra cert to its timestamps that has a badly-formatted version field, perhaps for backwards compatibility.

This patch will ignore the parse error as long as the other certs are sufficient to build a trust chain.