New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parsing PEM certificate exchanges content of issuingCertificateURL and ocspServer #4

Open

lemmingucwcz opened this issue May 14, 2019 · 1 comment

lemmingucwcz commented May 14, 2019

When I parse certificate attached below like this:

const parsed = Certificate.fromPEM(fs.readFileSync('cert.pem'));

resulting object has properties as follows:

issuingCertificateURL: "http://ocsp.ica.cz/pca15_rsa"
ocspServer: "http://s.ica.cz/pca15_rsa.cer"

However, these values should be switched, which is clear from their contents, also parsing certificate by openssl tool shows them OK:

        Authority Information Access:
            CA Issuers - URI:http://s.ica.cz/pca15_rsa.cer
            OCSP - URI:http://ocsp.ica.cz/pca15_rsa

Certificate in question:

-----BEGIN CERTIFICATE-----
MIIGljCCBH6gAwIBAgIDJZJJMA0GCSqGSIb3DQEBCwUAMHoxCzAJBgNVBAYTAkNa
MSMwIQYDVQQDDBpJLkNBIFB1YmxpYyBDQS9SU0EgMDcvMjAxNTEtMCsGA1UECgwk
UHJ2bsOtIGNlcnRpZmlrYcSNbsOtIGF1dG9yaXRhLCBhLnMuMRcwFQYDVQQFEw5O
VFJDWi0yNjQzOTM5NTAeFw0xODA4MDcxMTAwMTRaFw0xOTA4MDcxMTAwMTRaMIGL
MR4wHAYDVQQDDBVWZXJvbmlrYSBSZWljaG1hbm92w6ExCzAJBgNVBAYTAkNaMRsw
GQYDVQQKDBJFLk9OIEVuZXJnaWUsIGEucy4xETAPBgNVBCoMCFZlcm9uaWthMRUw
EwYDVQQEDAxSZWljaG1hbm92w6ExFTATBgNVBAUTDElDQSAtIDk0MzgzOTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJ9tFOnc9JJsKWHivgu2pWmUE2lZ
oQI6VVeau8YgCetzwCSdkUBsTyXMen59y7UpLPNye4JgS5VxghmV2BAXmxcdo0CQ
+kyRqQ9Zt27YtVs21DfPI6WY2w4JezOgxt1HVisXDeTcAyB6DYWQGaZAgPsIMDFY
zxK8MlqLmsFAiGr5LVFRbAmZj+56F+0frLNMKA9MVYEJmUOxceViR47+/uoa3K3v
wGv4gwk7WU9CGvw/5PTvxRWl94UIQMa6Dc3FTVZPIA2TFhc33BbbE824RmWAwJeU
PjKVVp4CkRt65yfOh5S7bye1Hy/+V89WJPx8t9AuWiKcpQdRrTql2xo+kS8CAwEA
AaOCAhEwggINMCUGCisGAQQBgbhIBAcEFzAVDA01NzA4NjEwNTM2NTE4AgECAQEA
MB0GCisGAQQBgbhIBAMEDxoNNTcwODYxMDUzNjUxODA+BgNVHREENzA1gRt2ZXJv
bmlrYS5yZWljaG1hbm92YUBlb24uY3qgFgYKKwYBBAGBuEgEBqAIDAY5NDM4Mzkw
DgYDVR0PAQH/BAQDAgWgMEUGA1UdIAQ+MDwwMAYNKwYBBAGBuEgKAUYBATAfMB0G
CCsGAQUFBwIBFhFodHRwOi8vd3d3LmljYS5jejAIBgYEAI96AQEwXwYDVR0fBFgw
VjApoCegJYYjaHR0cDovL3NjcmxkcDEuaWNhLmN6L3BjYTE1X3JzYS5jcmwwKaAn
oCWGI2h0dHA6Ly9zY3JsZHAyLmljYS5jei9wY2ExNV9yc2EuY3JsMGMGCCsGAQUF
BwEBBFcwVTApBggrBgEFBQcwAoYdaHR0cDovL3MuaWNhLmN6L3BjYTE1X3JzYS5j
ZXIwKAYIKwYBBQUHMAGGHGh0dHA6Ly9vY3NwLmljYS5jei9wY2ExNV9yc2EwCQYD
VR0TBAIwADAfBgNVHSMEGDAWgBTYaDylv6jn9DDRIGAkRSSkfDMqxzAdBgNVHQ4E
FgQUtz2DIIzS5cZmRSgnNyo7U0QP5D4wHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsG
AQUFBwMEMA0GCSqGSIb3DQEBCwUAA4ICAQAi6ZUHwwWXHPw7/Ta3pQOrBV968yaB
gMBktEljW7WwCs+KmlQC5w2i9BQCt3KMXiT2Yx/5njYyJzGI0JIPncIGnbT5M70t
89l9YwGySth39/0LCRuMDfYhUZLuZalnmRuO/sL+ntvDgnBHOQMha6KlKAg7wpWD
21ABOnvbCNgD/XyqZa3sMype3S58x3tU1vnOiaJGfPzjRfuMidZ/NUV6Cdj74I+3
PHEYXuXudZlR7+DNUzfJ+TgmYgagzoVnmGmR643zgg+PmvYCcctYXGGgFYnSGmuf
0kL/WgvP+8qRgZBDeNV560mYrkFZJIYlA0zJM++NTmOfFaoEd9bth9bzHDE2+0ha
16nQS5RKhe5bXFO3FHvfgsQC7mWJNCzjzYGvnt2XG2SdUaLz1yryZ29sdzQt/Pvs
XJVwekcox2DezqQisClXQTgUPIx5PnREYl8VakOD7hN8f41Z9aojP91WbjkGfgCV
wYAov6i8Q3bw+FWzGjqhKa4IiAzhGFUU4fGoeAnoiDZuwIZ5//QUYdnSc/FXZ7rv
RGBl8C9FYwAEg+bHYa9Spc8SuRET6OGgmS5urhsQmpwsyyQz38PyMClwK4GfGyiC
oehHR+hHK3D97w9EJFkIA/bI2iveBu5xq6EwOKrYsMZB+Cr0+ej7ff36gCia4k4z
nlfUtAS0qXspww==
-----END CERTIFICATE-----

If you need more info, feel free to contact me.

The text was updated successfully, but these errors were encountered:

Author

lemmingucwcz commented May 14, 2019

I got another cert which has (according to openssl) three CA Issuers and no OCSP link. Yet in parsed certificate one issuer is in issuingCertificateURL, second in ocspServer and third is not shown. It seems you always take first value as issuingCertificateURL, second as ocspServer without checking OIDs...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment