wbond / certvalidator

Python library for validating X.509 certificates and paths
MIT License

Can not load OCSP response #8

Open huytn opened 7 years ago

huytn commented 7 years ago

I got an error, but it is OK with the openssl command.

Traceback (most recent call last):
  File "test_ocsp.py", line 32, in <module>
    valid_path = validator.validate_usage(validator._certificate.key_usage_value.native, set(validator._certificate.extended_key_usage_value.native))
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/__init__.py", line 193, in validate_usage
    self._validate_path()
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/__init__.py", line 121, in _validate_path
    validate_path(self._context, candidate_path)
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/validate.py", line 50, in validate_path
    return _validate_path(validation_context, path)
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/validate.py", line 387, in _validate_path
    end_entity_name_override=end_entity_name_override
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/validate.py", line 895, in verify_ocsp_response
    ocsp_responses = validation_context.retrieve_ocsps(cert, issuer)
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/context.py", line 500, in retrieve_ocsps
    **self._ocsp_fetch_params
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/ocsp_client.py", line 112, in fetch
    ocsp_response = ocsp.OCSPResponse.load(response.read())
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/asn1crypto/core.py", line 230, in load
    value, _ = _parse_build(encoded_data, spec=spec, spec_params=kwargs, strict=strict)
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/asn1crypto/core.py", line 5095, in _parse_build
    info, new_pointer = _parse(encoded_data, encoded_len, pointer)
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/asn1crypto/parser.py", line 164, in _parse
    raise ValueError(_INSUFFICIENT_DATA_MESSAGE % (2, data_len - pointer))
ValueError: Insufficient data - 2 bytes requested but only 0 available

huytn commented 7 years ago

This is my fault: I read data from the response before calling the OCSPResponse.load function.

After fixing, I got a new error:

Traceback (most recent call last):
  File "test_ocsp.py", line 32, in <module>
    valid_path = validator.validate_usage(validator._certificate.key_usage_value.native, set(validator._certificate.extended_key_usage_value.native))
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/__init__.py", line 193, in validate_usage
    self._validate_path()
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/__init__.py", line 121, in _validate_path
    validate_path(self._context, candidate_path)
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/validate.py", line 50, in validate_path
    return _validate_path(validation_context, path)
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/validate.py", line 386, in _validate_path
    end_entity_name_override=end_entity_name_override
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/validate.py", line 891, in verify_ocsp_response
    ocsp_responses = validation_context.retrieve_ocsps(cert, issuer)
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/context.py", line 507, in retrieve_ocsps
    self._extract_ocsp_certs(ocsp_response)
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/context.py", line 534, in _extract_ocsp_certs
    if self.certificate_registry.add_other_cert(other_cert):
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/certvalidator/registry.py", line 199, in add_other_cert
    if cert.key_identifier:
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/asn1crypto/x509.py", line 2250, in key_identifier
    if not self.key_identifier_value:
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/asn1crypto/x509.py", line 1931, in key_identifier_value
    self._set_extensions()
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/asn1crypto/x509.py", line 1885, in _set_extensions
    setattr(self, attribute_name, extension['extn_value'].parsed)
  File "/Users/huytn/.pyenv/versions/2.7.13/lib/python2.7/site-packages/asn1crypto/core.py", line 3205, in __getitem__
    raise e
ValueError: Insufficient data - 2 bytes requested but only 0 available
    while parsing asn1crypto.core.ParsableOctetString
    while parsing asn1crypto.x509.Extension

The attribute name is "_ocsp_no_check_value"

wbond commented 4 years ago

Can you provide some example data that throws this exception?
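
An added example, not part of the thread and not code from certvalidator or asn1crypto: the last lines of the second traceback are what a DER parser reports when the id-pkix-ocsp-nocheck extension's extnValue OCTET STRING is empty instead of wrapping the NULL that RFC 6960 specifies. The bytes and the helper names (`read_tlv`, `parse_extension`, `check_ocsp_nocheck`) are constructed for illustration, on the assumption that this is what the responder certificate contained.

```python
# Constructed DER, not data from the issue; helper names are illustrative.
OCSP_NOCHECK_OID = bytes.fromhex("2b0601050507300105")  # 1.3.6.1.5.5.7.48.1.5
# Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
GOOD_EXT = bytes.fromhex("300f0609") + OCSP_NOCHECK_OID + bytes.fromhex("04020500")
EMPTY_EXT = bytes.fromhex("300d0609") + OCSP_NOCHECK_OID + bytes.fromhex("0400")

def read_tlv(data, pos=0):
    """Read one DER TLV with a short-form length; return (tag, value, next_pos)."""
    left = len(data) - pos
    if left < 2:
        raise ValueError("Insufficient data - 2 bytes requested but only %d available" % left)
    tag, length = data[pos], data[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not handled in this sketch")
    if left - 2 < length:
        raise ValueError("Insufficient data - %d bytes requested but only %d available" % (length, left - 2))
    return tag, data[pos + 2:pos + 2 + length], pos + 2 + length

def parse_extension(der):
    """Return (oid_bytes, critical, extn_value_contents) for one Extension."""
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("Extension is not a SEQUENCE")
    tag, oid, pos = read_tlv(body)
    if tag != 0x06:
        raise ValueError("extnID is not an OBJECT IDENTIFIER")
    tag, value, pos = read_tlv(body, pos)
    critical = False
    if tag == 0x01:  # optional critical BOOLEAN precedes extnValue
        critical = value != b"\x00"
        tag, value, pos = read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("extnValue is not an OCTET STRING")
    return oid, critical, value

def check_ocsp_nocheck(der):
    """Return 'ok', 'not-nocheck' or 'malformed: <reason>' without raising on a bad value."""
    oid, _, value = parse_extension(der)
    if oid != OCSP_NOCHECK_OID:
        return "not-nocheck"
    try:
        tag, inner, end = read_tlv(value)  # contents must be exactly one NULL (05 00)
    except ValueError as exc:
        return "malformed: %s" % exc
    if tag == 0x05 and inner == b"" and end == len(value):
        return "ok"
    return "malformed: extnValue is not a DER NULL"
```

A validator can map the `malformed` result to a certificate error and fail validation, rather than letting a raw parser exception escape.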