OpenSSL::PKCS7 seems to create broken objects (nested asn.1 error)
When trying to read previously created OpenSSL::PKCS7 object, it fails with 'nested asn.1 error'. Seems like object is broken.
Steps to reproduce:
- Generate x.509 certificate (either from CLI or in Ruby) and store it in OpenSSL::X509::Certificate object.
- Create new OpenSSL::PKCS7 object, set the 'type' attribute to ':signed'
- Add OpenSSL::X509::Certificate object to OpenSSL::PKCS7 object with #add_certificate() method
- Try to read back the object created in step '3' with: OpenSSL::PKCS7.new(pkcs7_obj.to_s)
ArgumentError: Could not parse the PKCS7: nested asn1 error
from (pry):8:in `initialize'
OpenSSL::PKCS7.new() should be able to read from previously created PKCS7 object (casted to string with #to_s method)
The session is attached to this ticket. It can be also found online: https://gist.github.com/jnahorny/9ccbb186c9f7c20c9f3e
note 1: I was able to reproduce this problem with ruby 2.2.x and latest head (2.4.0). On Linux too.
note 2: This code used to work when ruby was linked to openssl v 0.9.8.
Updated by rhenium (Kazuki Yamaguchi) over 3 years ago
- Status changed from Assigned to Third Party's Issue
The direct reason is that PKCS7#to_s returns a broken PEM. It looks like the behavior was changed in OpenSSL 1.0.1i:
But since the PKCS7 object is actually incomplete at that time you call PKCS7#to_s, I'm not sure whether if this is a bug or not.