[Bug]: Authority Information Access Extension Verify #8564

@dulanshuangqiao

Contact Details

bingxiaoganel@gmail.com

Version

Ubuntu 5.7.6

Description

./configure
make
sudo make install
./testsuite/testsuite.test
wolfSSL is configured and built by default

Reproduction steps

Use this script for certificate verification

// gcc -g verify.c -o verify -lwolfssl
#include <stdio.h>
#include <stdlib.h>
#include <wolfssl/options.h>   // must be included before other wolfSSL headers
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/error-crypt.h>

int wolfSSL_Verify_PEM(char * cac, char * ec){
    int ret = 0;

    // to create a new wolfSSL cert manager
    WOLFSSL_CERT_MANAGER* cm;
    cm = wolfSSL_CertManagerNew();
    if (cm == NULL){
        printf("Creating a new wolfSSL_CertManager failed!\n");
        exit(1);
    }

    // to load cac to the created wolfSSL_CertManager
    ret = wolfSSL_CertManagerLoadCA(cm, cac, NULL);
    if (ret != SSL_SUCCESS){
        printf("Loading cac to the created wolfSSL_CertManager failed!\n");
        exit(2);
    }

    // to verify the ec in the created wolfSSL_CertManager
    ret = wolfSSL_CertManagerVerify(cm, ec, SSL_FILETYPE_PEM);
    if (ret != SSL_SUCCESS){
        printf("wolfSSL_CertManagerVerify failed with return code %d and error message %s\n",
               ret,
               wolfSSL_ERR_reason_error_string(ret));
    }
    else{
        printf("The target cert has passed through verification.\n");
    }

    // to free cm
    wolfSSL_CertManagerFree(cm);

    return ret;
}

int main(int argc, char ** argv){
    // both the CA file and the end-entity certificate file are required
    if (argc < 3){
        printf("usage: %s <ca.pem> <cert.pem>\n", argv[0]);
        return 1;
    }
    char * cac = argv[1];
    char * ec = argv[2];
    wolfSSL_Verify_PEM(cac, ec);
    return 0;
}

./verify RootCA.pem Cert174107818015D1.pem
./verify RootCA.pem Cert17410781804D1.pem
./verify RootCA.pem Cert174107818018D1.pem
wolfSSL_CertManagerVerify failed with return code -140 and error message ASN parsing error, invalid input

Expected result:
Consistent with OpenSSL, GnuTLS: verified.

Cert174107818015D1.pem, Cert17410781804D1.pem, Cert174107818018D1.pem have the Authority Information Access extension, but the extension value is empty.

wolfsslAIA.zip
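
Added example, not part of the original report and not wolfSSL code: RFC 5280 defines AuthorityInfoAccessSyntax as SEQUENCE SIZE (1..MAX) OF AccessDescription, so an AIA extension with no entries falls outside the profile, and that is the kind of input on which strict and lenient parsers can disagree. The sketch below classifies the DER bytes carried inside the extension's OCTET STRING; the names `aia_check` and `der_header` and both sample byte arrays are constructed for illustration.

```c
#include <stddef.h>

enum aia_status { AIA_OK, AIA_EMPTY_VALUE, AIA_EMPTY_SEQUENCE, AIA_MALFORMED };

/* Constructed samples: an empty SEQUENCE, and one OCSP AccessDescription
 * (OID 1.3.6.1.5.5.7.48.1 with URI "http://o.test"). */
const unsigned char SAMPLE_EMPTY_SEQ[] = { 0x30, 0x00 };
const unsigned char SAMPLE_OCSP[] = {
    0x30, 0x1b, 0x30, 0x19, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07,
    0x30, 0x01, 0x86, 0x0d, 'h', 't', 't', 'p', ':', '/', '/', 'o', '.',
    't', 'e', 's', 't' };

/* Read a DER tag and length at buf[*pos] (requires *pos <= len). On success
 * advance *pos to the content and return 0; return -1 on truncated input. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *clen)
{
    size_t p = *pos, n, v = 0;
    if (len - p < 2) return -1;
    *tag = buf[p++];
    if (buf[p] < 0x80) {
        v = buf[p++];                          /* short-form length */
    } else {
        n = buf[p++] & 0x7f;                   /* long form: n length bytes */
        if (n == 0 || n > 2 || len - p < n) return -1;
        while (n--) v = (v << 8) | buf[p++];
    }
    if (v > len - p) return -1;                /* content runs past the buffer */
    *pos = p; *clen = v;
    return 0;
}

/* Classify the DER bytes carried inside the AIA extension's OCTET STRING. */
enum aia_status aia_check(const unsigned char *val, size_t len)
{
    size_t pos = 0, seq_len, item_len;
    unsigned char tag;
    if (len == 0) return AIA_EMPTY_VALUE;
    if (der_header(val, len, &pos, &tag, &seq_len) || tag != 0x30 ||
        pos + seq_len != len) return AIA_MALFORMED;
    if (seq_len == 0) return AIA_EMPTY_SEQUENCE;   /* violates SIZE (1..MAX) */
    while (pos < len) {                            /* one AccessDescription each */
        if (der_header(val, len, &pos, &tag, &item_len) || tag != 0x30 ||
            item_len < 2 || val[pos] != 0x06)      /* accessMethod is an OID */
            return AIA_MALFORMED;
        pos += item_len;
    }
    return AIA_OK;
}
```

A certificate linter can run a check like this before issuance so that an empty AIA is caught at the CA rather than surfacing as a verification difference between TLS libraries.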
