Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error during automatic certificate fetching from CT log #50

Open
cyrill-k opened this issue Jan 31, 2024 · 0 comments
Open

Error during automatic certificate fetching from CT log #50

cyrill-k opened this issue Jan 31, 2024 · 0 comments

Comments

@cyrill-k
Copy link
Collaborator

The automatic update fails with the following error message:

======== prune started  at 2024-01-31T03:00:00Z
======== prune finished at 2024-01-31T03:00:00Z

======== update started  at 2024-01-31T03:00:00Z
updated 16384 certs batch at 2024-01-31T03:01:25Z
updated     0 certs batch at 2024-01-31T03:02:30Z
======== update finished at 2024-01-31T03:00:00Z

ERROR: update returned updating certs: updating next batch of x509 certificates: fetcher: NonFatalErrors: asn1: syntax error: Value: PrintableString contains invalid character;

It could be that the golang x509 library used is too strict on checking the correctness of certificates and thus rejects certain certificates that the CT log accepted.

The map server uses the https://ct.googleapis.com/logs/xenon2023/ log and has no previously ingested certificates from this log.
cyrill-k added a commit to cyrill-k/fpki-1 that referenced this issue Feb 27, 2024
@cyrill-k
adjust parsing rules to CT log standard (addresses issue netsec-ethz#50)
dccfd23
cyrill-k added a commit that referenced this issue Mar 15, 2024
@cyrill-k
adjust parsing rules to CT log standard (addresses issue #50)
cbf3ede
juagargi added a commit that referenced this issue Mar 15, 2024
@cyrill-k @juagargi
Cyrill Map Server Fixes and Improvements (#57)
79ba0a1 
* show mapserver public key when starting and add helper functions

* adjust parsing rules to CT log standard (addresses issue #50)

* log updater progress

* fix null pointer exception in empty tree

* fix null pointer exception if initializing tree with policy certificate

* make HTTP API port configurable

* fix issue of responder using wrong SMT root

* sign tree head after update

* allow log fetchers to run multiple times (fix closed results channel bug)

* extend policy attributes with disallowed and excluded domains

* fix closing bad idle connection bug

* remove cooloff checking at PCA (should be done at client)

* add/clean up logging

* add version information

* formatting

* Add warning if fetching speed is too low

* Fix comment.

---------

Co-authored-by: Juan A. Garcia Pardo <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cyrill-k