The result from certificate_registry.retrieve_by_key_identifier(certificate_list.authority_key_identifier) (lines 1304 to 1306) is not validated before the subject property is called:
I am calling verify_crl directly on some very broken SSL/TLS cert chains, so I can understand that I am using verify_crl out of the expected context, which is probably why I am encountering this problem. On the other hand, I think it would be fairly trivial to check that tmp_crl_issuer is not None before retrieving the subject property (or just continuing the loop if tmp_crl_issuer is None).
The result from certificate_registry.retrieve_by_key_identifier(certificate_list.authority_key_identifier) (lines 1304 to 1306) is not validated before the subject property is called:
https://github.com/wbond/certvalidator/blob/b69d3b745b5af9e5ccd4b9781407ab7e82076d6b/certvalidator/validate.py#L1307
I am calling verify_crl directly on some very broken SSL/TLS cert chains, so I can understand that I am using verify_crl out of the expected context, which is probably why I am encountering this problem. On the other hand, I think it would be fairly trivial to check that tmp_crl_issuer is not None before retrieving the subject property (or just continuing the loop if tmp_crl_issuer is None).