
The cryptography system parsed a CRL file that contains a revoked certificate with a serial number of 0. #12771

@onepeople158


Version:
cryptography-44.0.2

Hello Developer,

I have a CRL file that contains a revoked certificate with a serial number of 0. Cryptography successfully parsed this serial number without any errors. However, according to RFC 5280, the certificate serial number must be a non-negative integer. At the same time, tests show that cryptography will reject the parsing of revoked certificates with negative serial numbers.

Code:

from cryptography.x509 import load_pem_x509_crl, load_der_x509_crl

def load_crl(file_path):
    # Try PEM first and fall back to DER when the file is not PEM-encoded.
    with open(file_path, "rb") as f:
        crl_data = f.read()
    try:
        crl = load_pem_x509_crl(crl_data)
    except ValueError:
        crl = load_der_x509_crl(crl_data)
    return crl

def print_crl_issuer(file_path):
    # Iterating the CRL yields its RevokedCertificate entries; parsing of each entry happens here.
    crl = load_crl(file_path)
    try:
        for entry in crl:
            print(entry)
    except Exception as e:
        print(f"Error occurred: {e}")

file_path = 'crl_revoked_serial_0.der'
print_crl_issuer(file_path)

Test Case:

crl_revoked_serial_0.zip

Another Test Case:

crl_revoked_serial_-24.zip
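The RFC 5280 serial-number check the report is asking about, as an added example that is neither the reporter's code nor part of pyca/cryptography: it walks the revokedCertificates list of a DER CRL and classifies each userCertificate serial as negative, zero, longer than 20 octets, or ok. The CRL bytes are constructed inline with a small encoder rather than taken from the attached test files, and `build_crl`, `check_crl_serials`, `der`, `der_int` and `tlv_iter` are hypothetical helper names.

```python
# Added example: a minimal DER walk that applies RFC 5280 section 4.1.2.2 to the
# serials in a CRL's revokedCertificates (positive integer, at most 20 octets).
from typing import Iterator, List, Tuple

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV with a definite length (bodies up to 65535 bytes)."""
    n = len(body)
    length = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + length + body

def der_int(value: int) -> bytes:
    """DER INTEGER, two's complement: 0 -> 02 01 00, -24 -> 02 01 e8, 128 -> 02 02 00 80."""
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))

def tlv_iter(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (tag, value) for each TLV in a DER SEQUENCE body (definite lengths only)."""
    i = 0
    while i < len(data):
        tag, first, i = data[i], data[i + 1], i + 2
        k = 0 if first < 0x80 else first & 0x7F          # number of length octets after 0x8k
        n = first if k == 0 else int.from_bytes(data[i:i + k], "big")
        yield tag, data[i + k:i + k + n]
        i += k + n

def build_crl(serials: List[int]) -> bytes:
    """Constructed, unsigned CertificateList skeleton carrying the given revoked serials.
    Only what the checker walks is populated (empty signature/issuer SEQUENCEs, thisUpdate,
    revokedCertificates); the outer signatureAlgorithm and signatureValue are placeholders."""
    utc = der(0x17, b"250101000000Z")                    # UTCTime for thisUpdate / revocationDate
    revoked = b"".join(der(0x30, der_int(s) + utc) for s in serials)
    tbs = der(0x30, der(0x30, b"") + der(0x30, b"") + utc + der(0x30, revoked))
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))

def check_crl_serials(crl_der: bytes) -> List[Tuple[int, str]]:
    """Return (serial, verdict) for every revokedCertificates entry of a DER CertificateList."""
    body = next(tlv_iter(crl_der))[1]                     # CertificateList body
    tbs = next(tlv_iter(body))[1]                         # tbsCertList body
    results, seen_time = [], False
    for tag, value in tlv_iter(tbs):
        if tag in (0x17, 0x18):                           # thisUpdate / nextUpdate (UTCTime or GeneralizedTime)
            seen_time = True
        elif tag == 0x30 and seen_time:                   # first SEQUENCE after the times is revokedCertificates
            for _, entry in tlv_iter(value):
                raw = next(v for t, v in tlv_iter(entry) if t == 0x02)   # userCertificate INTEGER
                serial = int.from_bytes(raw, "big", signed=True)
                verdict = ("negative" if serial < 0 else "zero" if serial == 0
                           else "too long" if len(raw) > 20 else "ok")
                results.append((serial, verdict))
            break
    return results
```

RFC 5280 section 4.1.2.2 also says certificate users SHOULD be prepared to handle zero and negative serials issued by non-conforming CAs gracefully, so whether a consumer rejects such entries or only logs them is a policy decision rather than a parsing one.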
