mk-ca-bundle.pl fails when "NOT_TRUSTED" is used as level #5278

Closed
ashwin-metpalli opened this issue Apr 21, 2020 · 1 comment

I did this

The below command fails with the error "unable to load certificate
Couldn't close openssl pipe: Inappropriate I/O control operation at mk-ca-bundle.pl line 562, line 919."
perl mk-ca-bundle.pl -n -p "ALL:NOT_TRUSTED" -s "SHA256" -t BadCerts.txt

I expected the following

The same command succeeds with the script version 1.25 while it fails with version 1.27. On analyzing further, line no. 518 has something to do with the root cause:
if(/^CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST/ && $valid) {

curl/libcurl version

curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL
Release-Date: [unreleased]
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL

operating system

Windows 10
latestlog.txt

@bagder bagder changed the title Script fails when "NOT_TRUSTED" is used as level mk-ca-bundle.pl fails when "NOT_TRUSTED" is used as level Apr 22, 2020

bagder commented Apr 22, 2020

This seems to fix it for me:

--- a/lib/mk-ca-bundle.pl
+++ b/lib/mk-ca-bundle.pl
@@ -529,10 +529,15 @@ while (<TXT>) {
       $skipnum ++;
       report "Skipping: $caname" if ($opt_v);
     } else {
       my $data = $cka_value;
       $cka_value = "";
+
+      if(!length($data)) {
+          # if empty, skip
+          next;
+      }
       my $encoded = MIME::Base64::encode_base64($data, '');
       $encoded =~ s/(.{1,${opt_w}})/$1\n/g;
       my $pem = "-----BEGIN CERTIFICATE-----\n"
               . $encoded
               . "-----END CERTIFICATE-----\n";
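
Review bot: the added `if(!length($data))` branch leaves the loop iteration with a bare `next`, but unlike the skip branch directly above it, it neither increments `$skipnum` nor calls `report` under `$opt_v`, so an entry dropped for an empty `$cka_value` vanishes from the skip count and from verbose output. Consider doing `$skipnum ++;` and a `report "Skipping: $caname" if ($opt_v);` style message (noting the empty value) before `next`. The comment `# if empty, skip` only restates the condition; it would help to say when `$data` can legitimately be empty at this point. Style: the body of the new block is indented four columns where the surrounding code uses two, and the added blank line would read better after the block than before it.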

bagder added a commit that referenced this issue Apr 22, 2020
Reported-by: Ashwin Metpalli
Fixes #5278
Closes #
@bagder bagder closed this as completed in bffa116 Apr 22, 2020