https://github.com/golang/go/commit/51ff3a6965b3fc40aceebe90eaf15a8a1a00a452 looks like it fixed in main golang crypto/x509 as part of refactor, but looks like that new parser didn't backported to CT fork of x509 2025년 5월 19일 월요일 오전 12시 2분 37초 UTC+9에 Andrew Ayer님이 작성:
> On Sun, 18 May 2025 11:21:38 +0200 > Hanno Böck <[email protected]> wrote: > > > Hi, > > > > I noticed an odd certificate in the CT logs: > > https://crt.sh/?id=18465123083 > > > > This certificate just expired (May 17), and was issued in 2015. > > It showed in in a CT logs (Google's argon2025h1) yesterday. > > > > I noticed that this certificate could not be parsed with Python > > Cryptography (ValueError: error parsing asn1 value: ParseError { kind: > > ExtraData, location: ["Certificate::signature_alg"] }). > > zlint complains about e_cert_sig_alg_not_match_tbs_sig_alg. > > Lookint at the asn1 data with der2ascii, it looks there's some value > > behind the signature algorithm OID where there should just be a NULL: > > SEQUENCE { > > # sha384WithRSAEncryption > > OBJECT_IDENTIFIER { 1.2.840.113549.1.1.12 } > > `00132c000000020000000000000000000000000000` > > } > > > > This certificate appears to be largely identical to this one > > > https://crt.sh/?q=821cc55ce7ec5c74febb42f624eb6a36c478215a31ed67e3cf723a67e8c75eba > > just with some encoding errors. > > > > I don't really know what happened here, and whether it is something to > > worry about. It looks like possibly a data corruption issue > > Hi Hanno, > > The TBSCertificate portion of this certificate is identical to the other > one you found. Someone (not necessarily the CA) changed the unsigned > signatureAlgorithm field such that it no longer matches the > signatureAlgorithm in the TBSCertificate. It was accepted by the CT log due > to a bug in Trillian which I reported nearly 5 years ago < > https://github.com/google/certificate-transparency-go/issues/699>. > Inexplicably, the bug remains unfixed, despite this being a trivial spam > vector and a patch being available. > > Regards, > Andrew > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/1b1c6609-9eb5-4a36-b545-8bf40a2719e7n%40mozilla.org.
