Created attachment 472 [details]
Patch that adds error handling of invalid certificates.
The crash happens with the following traceback:
tl-ldap-certalias: ERROR: Failed to load certificate...
stderr from tl-certtool: Failed to decode extension as CRLDistPointsSyntax element!
Error is .utcTime
LIBTASN1 ERROR: DER_ERROR
ERROR: Could not extract CRL distribution points from certificate (error -22)
Traceback (most recent call last):
File "/opt/thinlinc/sbin/tl-ldap-certalias", line 1302, in <module>
o0OOoOO = oOOo000oOoO0 ( )
File "/opt/thinlinc/sbin/tl-ldap-certalias", line 1069, in oOOo000oOoO0
iIi1I1 = II1i ( I1 [ 'pubkey' ] [ 1 ] [ 'exponent' ] ,
File "/opt/thinlinc/sbin/tl-ldap-certalias", line 77, in __getitem__
Attachment is a patch for a proper error handling of invalid cert.
The source reason for the crash is that tl-crltool fails to get CRL Distribution Points.
I'll ask the customer if we can get a copy of this failing certificate.
Fix commited in r27147.
Tested by code inspection.