Alex Gaynor
Alex Gaynor
The concern here is that it requires us to retain a BER parser. Basically every modern cryptographic protocol uses DER (which is a subset of BER and is more rigid)....
Looks like in this case the issue is that they use indefinite length encodings.
Thank you! I'll also see if I can find a contact at the ATO. On Fri, Aug 29, 2025 at 5:51 PM eidorb ***@***.***> wrote: > *eidorb* left a comment...
Are you able to share the PKCS#7 module so we can clearly report the issue to sectigo?
I'm asking if you can upload the PKCS#7 file that produces this warning.
Thanks -- the issue here is that `certificates` is supposed to be a `SET` but the values here are not in lexicographic order. I'll report this to Sectigo. Thank you...
Looks like this is the same issue as with the Sectigo certs -- the SET is not correctly ordered.
I hacked up cryptography to show me the specific error instead of just a generic warning -- I'll try to land something that includes this in the warning.
cryptography main (since https://github.com/pyca/cryptography/commit/f5802fe7e08774cb8f8d80ede396de91efb1afca) now includes more details in the warning -- if you're able to build on main it should provide information. Or if you can share the PKCS#7...
Awesome -- if you're able to report that to DigiCert it'd be great! On Tue, Oct 21, 2025 at 12:06 AM mrestorff ***@***.***> wrote: > *mrestorff* left a comment (pyca/cryptography#12936)...