Given an individual PEM-encoded certificate cert, I want to validate it against a certification chain located in ./cc_certs/PT.pem which I open to build a list of intermediate certificates:
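
    from asn1crypto import pem
    from certvalidator import CertificateValidator

    def validate(cert):
        # Collect every certificate in the bundle as DER bytes
        intermediates = []
        with open('./cc_certs/PT.pem', 'rb') as f:
            for _, _, der_bytes in pem.unarmor(f.read(), multiple=True):
                intermediates.append(der_bytes)
        # Build a path from cert through the intermediates and check key usage
        validator = CertificateValidator(cert, intermediates)
        validator.validate_usage(set(['digital_signature']))
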
Simple use-case that's well documented. However, when running this, it blows up complaining about a TypeError:

    Traceback (most recent call last):
      File "client.py", line 114, in <module>
        smartcard.validate(cc_cert)
      File "/Users/fabio/Code/security2017-p1g2/src/chat/smartcard.py", line 38, in validate
        validator.validate_usage(set(['digital_signature']))
      File "/usr/local/lib/python3.6/site-packages/certvalidator/__init__.py", line 193, in validate_usage
        self._validate_path()
      File "/usr/local/lib/python3.6/site-packages/certvalidator/__init__.py", line 121, in _validate_path
        validate_path(self._context, candidate_path)
      File "/usr/local/lib/python3.6/site-packages/certvalidator/validate.py", line 50, in validate_path
        return _validate_path(validation_context, path)
      File "/usr/local/lib/python3.6/site-packages/certvalidator/validate.py", line 407, in _validate_path
        end_entity_name_override=end_entity_name_override
      File "/usr/local/lib/python3.6/site-packages/certvalidator/validate.py", line 1243, in verify_crl
        if isinstance(distribution_point['crl_issuer'], x509.GeneralNames):
    TypeError: string indices must be integers

Sometimes the error also happens to be:

    Traceback (most recent call last):
      File "client.py", line 114, in <module>
        smartcard.validate(cc_cert)
      File "/Users/fabio/Code/security2017-p1g2/src/chat/smartcard.py", line 39, in validate
        validator.validate_usage(set(['digital_signature']))
      File "/usr/local/lib/python3.6/site-packages/certvalidator/__init__.py", line 193, in validate_usage
        self._validate_path()
      File "/usr/local/lib/python3.6/site-packages/certvalidator/__init__.py", line 121, in _validate_path
        validate_path(self._context, candidate_path)
      File "/usr/local/lib/python3.6/site-packages/certvalidator/validate.py", line 50, in validate_path
        return _validate_path(validation_context, path)
      File "/usr/local/lib/python3.6/site-packages/certvalidator/validate.py", line 386, in _validate_path
        end_entity_name_override=end_entity_name_override
      File "/usr/local/lib/python3.6/site-packages/certvalidator/validate.py", line 956, in verify_ocsp_response
        if moment > cert_response['next_update'].native:
    TypeError: '>' not supported between instances of 'datetime.datetime' and 'NoneType'

What do these errors mean? Or why does the error appear to be random? I tried to trace the exception in the source code but I don't know why it's being raised.
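
The second traceback ends in a `datetime` being compared with `None` read from the OCSP response's `next_update` field, and in OCSP (RFC 6960) `nextUpdate` is an optional field. As an added example (not part of the original post and not certvalidator's code), the sketch below puts that failing comparison beside a freshness check that tolerates the missing field; the dict layout, `max_age` and `skew` are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample values, not taken from a real OCSP responder.
NOW = datetime(2017, 11, 20, 12, 0, tzinfo=timezone.utc)
WITH_NEXT = {"this_update": NOW - timedelta(hours=1),
             "next_update": NOW + timedelta(hours=23)}
WITHOUT_NEXT = {"this_update": NOW - timedelta(hours=1),
                "next_update": None}          # responder omitted nextUpdate
STALE = {"this_update": NOW - timedelta(days=30), "next_update": None}
EXPIRED = {"this_update": NOW - timedelta(days=2),
           "next_update": NOW - timedelta(days=1)}


def naive_is_current(resp, moment):
    """Same shape as the comparison in the traceback: assumes next_update is set."""
    return not (moment > resp["next_update"])


def naive_raises(resp, moment):
    """Return True when the naive comparison fails with TypeError."""
    try:
        naive_is_current(resp, moment)
    except TypeError:
        return True
    return False


def is_current(resp, moment, max_age=timedelta(days=7), skew=timedelta(minutes=5)):
    """Freshness check that treats nextUpdate as optional.

    max_age and skew are local policy values (assumed here).
    """
    this_update, next_update = resp["this_update"], resp["next_update"]
    if this_update is None or this_update > moment + skew:
        return False                          # missing or not yet valid
    if next_update is not None:
        return moment <= next_update + skew   # normal validity window
    # No nextUpdate: fall back to an age limit on thisUpdate.
    return moment - this_update <= max_age
```
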