Comments (2)
jeroen
commented on May 25, 2024
The openssl C api has very extensive PEM parsers. For example to parse from a memory buffer (BIO):
PEM_read_bio_RSAPublicKey
PEM_read_bio_PUBKEY
PEM_read_bio_X509
from certigo.
csstaub
commented on May 25, 2024
I think you're misunderstanding. OpenSSL will not accept a PEM block that has extra header fields. I'm aware that it can parse regular PEM blocks without headers.
For example, OpenSSL does not accept a PEM block like this:
-----BEGIN CERTIFICATE-----
friendlyName: example-small-key
MIICKzCCAZQCCQDHlr/u+lfb8jANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJV
UzELMAkGA1UECBMCQ0ExEDAOBgNVBAoTB2NlcnRpZ28xEDAOBgNVBAsTB2V4YW1w
bGUxGjAYBgNVBAMTEWV4YW1wbGUtc21hbGwta2V5MB4XDTE2MDYxMDIyMTQxMloX
DTIzMDQxNTIyMTQxMlowWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRAwDgYD
VQQKEwdjZXJ0aWdvMRAwDgYDVQQLEwdleGFtcGxlMRowGAYDVQQDExFleGFtcGxl
LXNtYWxsLWtleTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAlzyCIeP1T87k
1rHVMtbaGXIWpK/VQuvuXwig+e3ct1ajA4bw0BAInXZ37FEGGSCUix0k/CjH2Nlt
GREtwbahE0k5oTkVbA5XS4xkNs0M0poAFN5OiFKEAqZ014hqhvKnEUQ2oTe9SVOR
Ww49mLNg36AIEE2Fu2KQb/VT90cwwD0CAwEAATANBgkqhkiG9w0BAQsFAAOBgQBV
sJ4Vb2L1ywLVeAxNqY0PZqS7a8Q2GLhNr5V+3hOoWn7bwqQ7L06UJGSrcLOPZeIH
IWM20aOFHSTWbocd4f+m6s3llyXwBBlK2BPZbWv0OeAHgjN9AVav4flAZ4oD2GxA
aJkGAXmR9QzZNJLai5mv3L/B/p/NxeU3UGfaySxVvw==
-----END CERTIFICATE-----
...but if you remove the friendlyName header, it will happily accept it.
You can try it yourself with openssl x509 to see that it fails (I tested with 1.0.2h).
from certigo.
Related Issues (20)
- Panic in certigo/lib.explainCipher HOT 5
- Panic in master when printing certificates in 'certigo connect ...' HOT 2
- Spinnaker recommends 1.2.840.10070.8.1 for RBAC
- Add support for SQL Server
- Error: unsupported encrypted-private-key algorithm HOT 3
- Build failure with current Go versions due to needing a go.sum update for github.com/fatih/color HOT 1
- Support `-h` in addition to `--help` HOT 1
- certigo connect dereferences nil when using Postgres StartTLS HOT 2
- CI/CD key leakage HOT 1
- Tests take a dependency on an internal test certificate
- No binaries for 1.15.0 HOT 1
- Unit tests fail on macOS with Go 1.18 because of 1024-bit RSA test certificate HOT 3
- Make tests robust to non-AES ciphersuites HOT 3
- OCSP unauhtorized error HOT 1
- OCSP lookups should unconditionally add "/"
- Use zlint for certificate warnings HOT 1
- undefined: time.UnixMilli and lib/ocsp.go:151:17: undefined: io.ReadAll HOT 4
- Add scoop.sh support HOT 3
- Crypto Go :we are a research group to help developers build secure applications.
- Build with CGO disabled
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certigo.