Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 591238 - dev-libs/openssl-1.0.2h-r2 fails to parse a large CRL
Summary: dev-libs/openssl-1.0.2h-r2 fails to parse a large CRL
Status: UNCONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo's Team for Core System packages
URL: https://github.com/openssl/openssl/co...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-08-14 07:58 UTC by pavelo
Modified: 2016-08-14 09:35 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description pavelo 2016-08-14 07:58:36 UTC
Openssl fails to parse a large certificate revocation list.

See the debian bug for more information (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=826552). The bug also includes a link to commit fixing the problem (https://github.com/openssl/openssl/commit/a1eef756cc1948ed4d1f175d97367aa2b24d962d).

I can confirm that applying this patch fixes my issue. Would you consider cherry-picking this patch to fix the issue?

Reproducible: Always

Steps to Reproduce:
1. Get a large crl. E.g.: rsync crl.cacert.org::crl/revoke.crl /tmp/revoke.crl
2. Try to parse it: $ openssl crl -inform der -in "/tmp/revoke.crl.tmp"

Actual Results:  
Command fails with:

unable to load CRL
139987305621136:error:0D09E09B:asn1 encoding routines:X509_NAME_EX_D2I:too long:x_name.c:203:
139987305621136:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=issuer, Type=X509_CRL_INFO
139987305621136:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:697:Field=crl, Type=X509_CRL

Expected Results:  
CRL parsed successfully.