OpenSSL: strip spaces & newlines from cert signature expansion
authorJeremy Harris <jgh146exb@wizmail.org>
Mon, 15 Aug 2022 17:42:28 +0000 (18:42 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Mon, 15 Aug 2022 17:42:28 +0000 (18:42 +0100)
src/src/tlscert-openssl.c
test/log/2102
test/log/2102.openssl_1_1_1
test/log/5720

index 168e35b7f9eb32fff61c3542f3001573ba925739..ac353b25f600b61497b23a389b3e71a47c2557c7 100644 (file)
@@ -261,11 +261,19 @@ if (X509_print_ex(bp, (X509 *)cert, 0,
   X509_FLAG_NO_AUX) == 1)
   {
   long len = BIO_get_mem_data(bp, &cp);
+  gstring * g = NULL;
 
   /* Strip leading "Signature Algorithm" line */
   while (*cp && *cp != '\n') { cp++; len--; }
+  if (*cp) { cp++; len--; }
 
-  cp = string_copyn(cp+1, len-1);
+  /* Strip possible leading "    Signature Value:\n" (seen with OpenSSL 3.0.5) */
+  if (Ustrncmp(cp, "    Signature Value:\n", 21) == 0) { cp += 21; len -= 21; }
+
+  /* Copy only hexchars and colon (different OpenSSL versions do different spacing) */
+  for ( ; len-- && *cp; cp++)
+    if (Ustrchr("0123456789abcdef:", *cp)) g = string_catn(g, cp, 1);
+  cp = string_from_gstring(g);
   }
 BIO_free(bp);
 return cp;
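Review bot: The scans in this block stop on `*cp` rather than on `len`, and nothing visible in the hunk shows the buffer returned by `BIO_get_mem_data()` being NUL-terminated, so the first-line skip, the 21-byte `Ustrncmp` and the copy loop may read past the returned length. The copy loop's `len--` test is also true once `len` has gone negative, so in that case it no longer bounds the loop. Bounding each step by the length would close this: add `len > 0 &&` to the two `*cp` tests that skip the first line, guard the compare with `len >= 21 &&`, and write the copy loop as `for ( ; len > 0 && *cp; cp++, len--)`. The enclosing function starts before and ends after the hunk, so it is worth confirming there that `string_from_gstring(g)` handles `g == NULL`, which is what it receives when no hex characters match.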
index b4e6431218e7f64721092fc9848ca67e4bf891bc..4702a6c7e9a7db4964ad971fbe1d0f30158e1d44 100644 (file)
@@ -31,7 +31,7 @@
 1999-03-02 09:44:33 NA/i <2143283670>
 1999-03-02 09:44:33 NA   <Dec  1 12:34:30 2037 +0000>
 1999-03-02 09:44:33 SA  <sha256WithRSAEncryption>
-1999-03-02 09:44:33 SG  <         5d:2c:8d:dc:bf:45:79:5d:60:8e:57:08:fe:10:da:9d:34:eb:\n         e6:b0:b0:5b:88:16:70:97:0b:ab:b4:1c:a8:04:99:40:84:1b:\n         ed:45:6c:fc:30:9c:f2:f2:44:28:f3:76:28:a0:14:49:9f:a1:\n         00:ac:2b:cf:88:68:ea:bc:21:d2:4b:29:fa:5e:38:d8:78:52:\n         ae:0e:d8:ef:20:84:f3:43:8a:05:ea:17:f7:37:89:a8:9b:3a:\n         ba:41:26:d2:e4:0f:a5:21:f6:c1:e7:15:90:b0:c4:5b:2b:d0:\n         05:23:e7:84:45:77:24:b1:34:8f:24:a0:9b:69:39:52:0a:ec:\n         b3:38:1e:70:47:60:23:ea:f7:3d:c7:0c:20:de:dd:d5:6f:56:\n         76:db:74:24:c4:4e:13:e1:ee:0a:b5:c1:72:95:38:08:11:bc:\n         e4:fe:d5:be:5f:80:1d:5d:c9:48:b8:40:43:5a:3e:2a:fa:bb:\n         e7:df:29:79:d2:c2:3a:2d:f4:4b:02:f1:c3:05:88:84:9a:b4:\n         af:03:c0:55:2b:72:b0:ba:f4:3b:5d:09:8f:6e:06:2a:52:0d:\n         a4:4a:38:06:2c:c3:4c:83:a9:91:d9:6a:ed:a5:a1:fe:67:44:\n         97:2c:f1:f9:4f:36:1f:92:57:0c:76:7a:d3:e0:6f:04:72:11:\n         db:ae:4b:42\n>
+1999-03-02 09:44:33 SG  <5d:2c:8d:dc:bf:45:79:5d:60:8e:57:08:fe:10:da:9d:34:eb:e6:b0:b0:5b:88:16:70:97:0b:ab:b4:1c:a8:04:99:40:84:1b:ed:45:6c:fc:30:9c:f2:f2:44:28:f3:76:28:a0:14:49:9f:a1:00:ac:2b:cf:88:68:ea:bc:21:d2:4b:29:fa:5e:38:d8:78:52:ae:0e:d8:ef:20:84:f3:43:8a:05:ea:17:f7:37:89:a8:9b:3a:ba:41:26:d2:e4:0f:a5:21:f6:c1:e7:15:90:b0:c4:5b:2b:d0:05:23:e7:84:45:77:24:b1:34:8f:24:a0:9b:69:39:52:0a:ec:b3:38:1e:70:47:60:23:ea:f7:3d:c7:0c:20:de:dd:d5:6f:56:76:db:74:24:c4:4e:13:e1:ee:0a:b5:c1:72:95:38:08:11:bc:e4:fe:d5:be:5f:80:1d:5d:c9:48:b8:40:43:5a:3e:2a:fa:bb:e7:df:29:79:d2:c2:3a:2d:f4:4b:02:f1:c3:05:88:84:9a:b4:af:03:c0:55:2b:72:b0:ba:f4:3b:5d:09:8f:6e:06:2a:52:0d:a4:4a:38:06:2c:c3:4c:83:a9:91:d9:6a:ed:a5:a1:fe:67:44:97:2c:f1:f9:4f:36:1f:92:57:0c:76:7a:d3:e0:6f:04:72:11:db:ae:4b:42>
 1999-03-02 09:44:33 SAN <DNS=server2.example.com\nDNS=*.test.ex>
 1999-03-02 09:44:33 OCU <http://oscp.example.com/>
 1999-03-02 09:44:33 (no CRU)
index 5d709daa6e3b62b57a26812ff323ed21e37ce01c..5cfa953d1ca1058b5965135ed9de46cdbf19b3d3 100644 (file)
@@ -31,7 +31,7 @@
 1999-03-02 09:44:33 NA/i <2143283670>
 1999-03-02 09:44:33 NA   <Dec  1 12:34:30 2037 +0000>
 1999-03-02 09:44:33 SA  <sha256WithRSAEncryption>
-1999-03-02 09:44:33 SG  <         5d:2c:8d:dc:bf:45:79:5d:60:8e:57:08:fe:10:da:9d:34:eb:\n         e6:b0:b0:5b:88:16:70:97:0b:ab:b4:1c:a8:04:99:40:84:1b:\n         ed:45:6c:fc:30:9c:f2:f2:44:28:f3:76:28:a0:14:49:9f:a1:\n         00:ac:2b:cf:88:68:ea:bc:21:d2:4b:29:fa:5e:38:d8:78:52:\n         ae:0e:d8:ef:20:84:f3:43:8a:05:ea:17:f7:37:89:a8:9b:3a:\n         ba:41:26:d2:e4:0f:a5:21:f6:c1:e7:15:90:b0:c4:5b:2b:d0:\n         05:23:e7:84:45:77:24:b1:34:8f:24:a0:9b:69:39:52:0a:ec:\n         b3:38:1e:70:47:60:23:ea:f7:3d:c7:0c:20:de:dd:d5:6f:56:\n         76:db:74:24:c4:4e:13:e1:ee:0a:b5:c1:72:95:38:08:11:bc:\n         e4:fe:d5:be:5f:80:1d:5d:c9:48:b8:40:43:5a:3e:2a:fa:bb:\n         e7:df:29:79:d2:c2:3a:2d:f4:4b:02:f1:c3:05:88:84:9a:b4:\n         af:03:c0:55:2b:72:b0:ba:f4:3b:5d:09:8f:6e:06:2a:52:0d:\n         a4:4a:38:06:2c:c3:4c:83:a9:91:d9:6a:ed:a5:a1:fe:67:44:\n         97:2c:f1:f9:4f:36:1f:92:57:0c:76:7a:d3:e0:6f:04:72:11:\n         db:ae:4b:42\n>
+1999-03-02 09:44:33 SG  <5d:2c:8d:dc:bf:45:79:5d:60:8e:57:08:fe:10:da:9d:34:eb:e6:b0:b0:5b:88:16:70:97:0b:ab:b4:1c:a8:04:99:40:84:1b:ed:45:6c:fc:30:9c:f2:f2:44:28:f3:76:28:a0:14:49:9f:a1:00:ac:2b:cf:88:68:ea:bc:21:d2:4b:29:fa:5e:38:d8:78:52:ae:0e:d8:ef:20:84:f3:43:8a:05:ea:17:f7:37:89:a8:9b:3a:ba:41:26:d2:e4:0f:a5:21:f6:c1:e7:15:90:b0:c4:5b:2b:d0:05:23:e7:84:45:77:24:b1:34:8f:24:a0:9b:69:39:52:0a:ec:b3:38:1e:70:47:60:23:ea:f7:3d:c7:0c:20:de:dd:d5:6f:56:76:db:74:24:c4:4e:13:e1:ee:0a:b5:c1:72:95:38:08:11:bc:e4:fe:d5:be:5f:80:1d:5d:c9:48:b8:40:43:5a:3e:2a:fa:bb:e7:df:29:79:d2:c2:3a:2d:f4:4b:02:f1:c3:05:88:84:9a:b4:af:03:c0:55:2b:72:b0:ba:f4:3b:5d:09:8f:6e:06:2a:52:0d:a4:4a:38:06:2c:c3:4c:83:a9:91:d9:6a:ed:a5:a1:fe:67:44:97:2c:f1:f9:4f:36:1f:92:57:0c:76:7a:d3:e0:6f:04:72:11:db:ae:4b:42>
 1999-03-02 09:44:33 SAN <DNS=server2.example.com\nDNS=*.test.ex>
 1999-03-02 09:44:33 OCU <http://oscp.example.com/>
 1999-03-02 09:44:33 (no CRU)
index a3d144e769be9c59d6cbdc80a02963ead45d308a..19e625efce884a3628ae6d16e5df0b2b842ab0bc 100644 (file)
@@ -16,7 +16,7 @@
 1999-03-02 09:44:33 10HmaX-0005vi-00 NB  <Nov  1 12:34:04 2012 +0000>
 1999-03-02 09:44:33 10HmaX-0005vi-00 NA  <Jan  1 12:34:04 2038 +0000>
 1999-03-02 09:44:33 10HmaX-0005vi-00 SA  <sha256WithRSAEncryption>
-1999-03-02 09:44:33 10HmaX-0005vi-00 SG  <         2f:9e:ed:c8:45:94:91:a3:97:5b:4f:a5:60:96:c7:be:40:28:\n         0c:19:25:a8:ec:29:2e:09:1c:e6:95:00:1d:8e:96:bb:80:7b:\n         d7:61:3e:37:8b:d5:1d:37:26:f8:3e:c5:0b:07:fb:79:9c:0f:\n         ed:95:58:90:1a:42:49:97:9b:c5:9e:f3:f2:3b:ff:41:b0:74:\n         ff:8e:24:04:95:9f:85:93:b3:75:f4:38:80:1c:25:7d:2e:e1:\n         e4:f4:a7:ba:6d:89:6c:6c:30:c1:19:96:47:a2:9d:e7:c7:8a:\n         0b:54:eb:f1:1d:af:0a:84:87:7e:c5:74:19:b0:ce:e3:f7:ef:\n         8f:5e:2a:bd:b6:d7:49:b9:ac:31:2a:30:8a:c0:5b:f8:a8:b4:\n         9d:ca:b7:e2:e7:14:09:15:54:9c:0a:09:16:38:3c:32:97:32:\n         51:66:d2:c2:fb:5c:d8:b8:8b:28:23:d7:e5:4c:78:91:55:0b:\n         15:2b:10:87:04:f4:d0:55:3f:fe:c8:f4:27:ca:4d:5b:75:79:\n         c5:df:ef:b2:e9:1c:be:af:0b:13:7b:da:7f:a2:76:34:7f:d0:\n         34:42:be:94:6c:ce:f7:36:c1:ee:f3:4f:61:aa:ba:54:d7:3b:\n         67:f7:47:5f:a2:ce:aa:fd:8d:92:09:46:21:de:bf:7f:1e:b8:\n         4b:00:c8:a6\n>
+1999-03-02 09:44:33 10HmaX-0005vi-00 SG  <2f:9e:ed:c8:45:94:91:a3:97:5b:4f:a5:60:96:c7:be:40:28:0c:19:25:a8:ec:29:2e:09:1c:e6:95:00:1d:8e:96:bb:80:7b:d7:61:3e:37:8b:d5:1d:37:26:f8:3e:c5:0b:07:fb:79:9c:0f:ed:95:58:90:1a:42:49:97:9b:c5:9e:f3:f2:3b:ff:41:b0:74:ff:8e:24:04:95:9f:85:93:b3:75:f4:38:80:1c:25:7d:2e:e1:e4:f4:a7:ba:6d:89:6c:6c:30:c1:19:96:47:a2:9d:e7:c7:8a:0b:54:eb:f1:1d:af:0a:84:87:7e:c5:74:19:b0:ce:e3:f7:ef:8f:5e:2a:bd:b6:d7:49:b9:ac:31:2a:30:8a:c0:5b:f8:a8:b4:9d:ca:b7:e2:e7:14:09:15:54:9c:0a:09:16:38:3c:32:97:32:51:66:d2:c2:fb:5c:d8:b8:8b:28:23:d7:e5:4c:78:91:55:0b:15:2b:10:87:04:f4:d0:55:3f:fe:c8:f4:27:ca:4d:5b:75:79:c5:df:ef:b2:e9:1c:be:af:0b:13:7b:da:7f:a2:76:34:7f:d0:34:42:be:94:6c:ce:f7:36:c1:ee:f3:4f:61:aa:ba:54:d7:3b:67:f7:47:5f:a2:ce:aa:fd:8d:92:09:46:21:de:bf:7f:1e:b8:4b:00:c8:a6>
 1999-03-02 09:44:33 10HmaX-0005vi-00 (no SAN)
 1999-03-02 09:44:33 10HmaX-0005vi-00 (no OCU)
 1999-03-02 09:44:33 10HmaX-0005vi-00 (no CRU)
@@ -52,7 +52,7 @@
 1999-03-02 09:44:33 10HmaY-0005vi-00 NB  <Nov  1 12:34:10 2012 +0000>
 1999-03-02 09:44:33 10HmaY-0005vi-00 NA  <Dec  1 12:34:10 2037 +0000>
 1999-03-02 09:44:33 10HmaY-0005vi-00 SA  <sha256WithRSAEncryption>
-1999-03-02 09:44:33 10HmaY-0005vi-00 SG  <         96:29:b8:21:7e:2e:40:8f:4c:c0:a3:e4:08:cc:d0:06:80:cd:\n         02:cc:06:3e:48:09:f8:58:83:b7:8e:f5:82:ca:da:c7:f9:9f:\n         02:9b:68:47:d1:69:72:08:e6:d1:7e:2b:1c:be:26:66:e1:04:\n         05:47:e4:5d:48:bd:2a:65:58:80:a3:5c:f1:85:1b:3f:fe:09:\n         7e:aa:e2:a8:a6:23:8e:69:76:41:56:8b:61:70:40:ff:ea:e2:\n         7f:1e:07:18:18:43:5f:fc:31:8f:ad:93:f4:d6:af:19:36:dc:\n         f5:e9:ae:76:87:90:85:0d:8b:f5:76:70:b2:1c:48:ce:41:22:\n         d4:35:e9:74:6b:65:06:04:c7:cf:86:16:81:6e:54:6f:3b:d3:\n         df:7c:55:36:bd:04:5c:a3:1d:42:cc:23:1a:f5:b2:3d:30:22:\n         19:0e:a0:10:e5:8f:eb:a5:a0:29:9b:34:de:3c:86:5c:09:77:\n         26:f1:38:46:06:52:79:bf:7f:35:70:15:d0:06:1f:5a:54:16:\n         d2:a3:df:38:a1:43:da:03:9e:f9:90:10:dc:35:04:ea:ca:dc:\n         94:f0:6a:60:3e:d2:c5:53:a2:0a:a6:62:bd:95:21:22:f2:24:\n         b9:66:10:08:7b:16:88:75:8c:6c:e2:ed:92:c1:c8:ba:ac:6d:\n         76:61:fe:c3\n>
+1999-03-02 09:44:33 10HmaY-0005vi-00 SG  <96:29:b8:21:7e:2e:40:8f:4c:c0:a3:e4:08:cc:d0:06:80:cd:02:cc:06:3e:48:09:f8:58:83:b7:8e:f5:82:ca:da:c7:f9:9f:02:9b:68:47:d1:69:72:08:e6:d1:7e:2b:1c:be:26:66:e1:04:05:47:e4:5d:48:bd:2a:65:58:80:a3:5c:f1:85:1b:3f:fe:09:7e:aa:e2:a8:a6:23:8e:69:76:41:56:8b:61:70:40:ff:ea:e2:7f:1e:07:18:18:43:5f:fc:31:8f:ad:93:f4:d6:af:19:36:dc:f5:e9:ae:76:87:90:85:0d:8b:f5:76:70:b2:1c:48:ce:41:22:d4:35:e9:74:6b:65:06:04:c7:cf:86:16:81:6e:54:6f:3b:d3:df:7c:55:36:bd:04:5c:a3:1d:42:cc:23:1a:f5:b2:3d:30:22:19:0e:a0:10:e5:8f:eb:a5:a0:29:9b:34:de:3c:86:5c:09:77:26:f1:38:46:06:52:79:bf:7f:35:70:15:d0:06:1f:5a:54:16:d2:a3:df:38:a1:43:da:03:9e:f9:90:10:dc:35:04:ea:ca:dc:94:f0:6a:60:3e:d2:c5:53:a2:0a:a6:62:bd:95:21:22:f2:24:b9:66:10:08:7b:16:88:75:8c:6c:e2:ed:92:c1:c8:ba:ac:6d:76:61:fe:c3>
 1999-03-02 09:44:33 10HmaY-0005vi-00 SAN <DNS=*.test.ex;DNS=alternatename.server1.example.com;DNS=server1.example.com;DNS=alternatename2.server1.example.com>
 1999-03-02 09:44:33 10HmaY-0005vi-00 OCU <http://oscp.example.com/>
 1999-03-02 09:44:33 10HmaY-0005vi-00 CRU <http://crl.example.com/latest.crl>