Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Master List verification fails #1

Open
Fethbita opened this issue Apr 17, 2024 · 2 comments
Open

Master List verification fails #1

Fethbita opened this issue Apr 17, 2024 · 2 comments

Comments

@Fethbita
Copy link
Owner

Master List verification fails during master list parsing with the following error:

Error while verifying Master List Signer Certificate signature: Certificate public key has explicit ECC parameters

This error is caused by openssl and there are issues for this created in openssl GitHub: openssl/openssl#9286 openssl/openssl#20117 openssl/openssl#20119 however it seems that there won't be an solution implemented anytime soon. The solution that can be currently implemented is to use the X509_STORE_CTX_set_verify_cb function, however that one is not exposed by rust-openssl. An issue for exposing this function is created in rust-openssl GitHub: sfackler/rust-openssl#2220.
@tzippy84
Copy link

If you dont mind me asking, how would you use the X509_STORE_CTX_set_verify_cb in a potential solution to this problem?

@Fethbita
Copy link
Owner Author

@tzippy84 As I explained in the sfackler/rust-openssl#2220 issue, with this callback function we can check the error that is passed, and if it is X509_V_ERR_EC_KEY_EXPLICIT_PARAMS then we can return false. That would make the x509_vfy.c#172 check invalid (it would not return) and the code would continue running.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Fethbita @tzippy84