openssl icon indicating copy to clipboard operation
openssl copied to clipboard
verified publisher icon ruby

`Certificate#crl_uris` throws exception "undefined method `value' for nil (NoMethodError)"

Open gettalong opened this issue 1 year ago • 4 comments

I have a certificate that errors out when calling cert.crl_uris with a NoMethodError for a nil value.

Going through the code the certificate has two values in cdp_asn1. The first one has the expected tag value of 6 for the URI. The second one, however, has a tag value of 4, leading to a nil value in crl_uris. Looking at the code there might be other situations where a nil value might be included in crl_uris.

Having the nil value in crl_uris leads to an error when calling crl_uris&.map(&:value). This can be avoided by using #compact, i.e. crl_uris&.compact&.map(&:value).

gettalong avatar Jul 09 '24 08:07 gettalong

Could you provide a certificate that causes the exception?

rhenium avatar Jul 09 '24 10:07 rhenium

Could you provide a certificate that causes the exception?

I will ask if I'm allowed to share the certificate.

gettalong avatar Jul 09 '24 12:07 gettalong

@rhenium Here you go: Certificate.zip

gettalong avatar Jul 09 '24 12:07 gettalong

Thanks, it is helpful:

            X509v3 CRL Distribution Points: 
                Full Name:
                  URI:http://crl.netrust.net/netrustca2-1.crl
                Full Name:
                  DirName:C = SG, O = Netrust Pte Ltd, OU = Netrust Certificate Authority, CN = Netrust CA 2-1, CN = CRL421

The extension contains two DistributionPoint, and the second one contains no URI.

#776 should fix it.

rhenium avatar Jul 09 '24 13:07 rhenium