Hi,
I noticed an odd certificate in the CT logs:
https://crt.sh/?id=18465123083
This certificate just expired (May 17), and was issued in 2015.
It showed up in a CT log (Google's argon2025h1) yesterday.
I noticed that this certificate could not be parsed with Python
Cryptography (ValueError: error parsing asn1 value: ParseError { kind:
ExtraData, location: ["Certificate::signature_alg"] }).
zlint complains about e_cert_sig_alg_not_match_tbs_sig_alg.
Looking at the asn1 data with der2ascii, it looks like there's some value
behind the signature algorithm OID where there should just be a NULL:

    SEQUENCE {
      # sha384WithRSAEncryption
      OBJECT_IDENTIFIER { 1.2.840.113549.1.1.12 }
      `00132c000000020000000000000000000000000000`
    }

This certificate appears to be largely identical to this one
https://crt.sh/?q=821cc55ce7ec5c74febb42f624eb6a36c478215a31ed67e3cf723a67e8c75eba
just with some encoding errors.
I don't really know what happened here, and whether it is something to
worry about. It looks like possibly a data corruption issue.
--
Hanno Böck - Independent security researcher
https://itsec.hboeck.de/
https://badkeys.info/
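
The check described in the message above, as an added example that is not part of the original e-mail: a small DER walker that reports what follows the OID inside an AlgorithmIdentifier. The helper names and the JUNK value are assumptions constructed for illustration; JUNK is only modelled on the bytes der2ascii printed.

```python
# Added example (not from the original message): inspect the parameters
# of a DER AlgorithmIdentifier. Short-form tags only (no tag numbers >= 31).

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER TLV starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def check_rsa_algid(der):
    """Classify what follows the OID in an RSA signature AlgorithmIdentifier."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        return "not a single SEQUENCE"
    tag, _oid, pos = read_tlv(body)
    if tag != 0x06:
        return "first element is not an OID"
    params = body[pos:]
    if params == b"\x05\x00":             # DER NULL, as expected for RSA signatures
        return "ok"
    if not params:
        return "parameters absent"
    return "unexpected parameters: " + params.hex()

def seq(body):
    """Wrap body in a SEQUENCE (hypothetical helper; short-form length only)."""
    assert len(body) < 0x80
    return b"\x30" + bytes([len(body)]) + body

# sha384WithRSAEncryption, 1.2.840.113549.1.1.12, as in the message
OID = bytes.fromhex("06092a864886f70d01010c")
# Constructed stand-in modelled on the stray bytes der2ascii printed
JUNK = bytes.fromhex("00132c00000002") + bytes(14)
GOOD = seq(OID + b"\x05\x00")   # well-formed: OID followed by NULL
BAD = seq(OID + JUNK)           # OID followed by non-NULL data

if __name__ == "__main__":
    print(check_rsa_algid(GOOD))
    print(check_rsa_algid(BAD))
```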