Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 591238

Summary: dev-libs/openssl-1.0.2h-r2 fails to parse a large CRL
Product: Gentoo Linux Reporter: pavelo
Component: Current packagesAssignee: Gentoo's Team for Core System packages <base-system>
Status: RESOLVED OBSOLETE    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/openssl/openssl/commit/a1eef756cc1948ed4d1f175d97367aa2b24d962d
See Also: https://bugs.debian.org/826552
Whiteboard:
Package list:
Runtime testing required: ---

Description pavelo 2016-08-14 07:58:36 UTC 
Openssl fails to parse a large certificate revocation list.

See the debian bug for more information (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826552). The bug also includes a link to commit fixing the problem (https://github.com/openssl/openssl/commit/a1eef756cc1948ed4d1f175d97367aa2b24d962d).

I can confirm that applying this patch fixes my issue. Would you consider cherry-picking this patch to fix the issue?

Reproducible: Always

Steps to Reproduce:
1. Get a large crl. E.g.: rsync crl.cacert.org::crl/revoke.crl /tmp/revoke.crl
2. Try to parse it: $ openssl crl -inform der -in "/tmp/revoke.crl.tmp"

Actual Results:  
Command fails with:

unable to load CRL
139987305621136:error:0D09E09B:asn1 encoding routines:X509_NAME_EX_D2I:too long:x_name.c:203:
139987305621136:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=issuer, Type=X509_CRL_INFO
139987305621136:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=crl, Type=X509_CRL

Expected Results:  
CRL parsed successfully.