trailing white space in "-----BEGIN CERTIFICATE----- " causes readPemObject returning null #1533
Comments
I'll admit it is a bit of a weird one, our parser was originally based on RFC 1421, the grammar at the end of it gives:
So at least as far as the original PEM definition goes, trailing white space would be an error. RFC 7468 is more recent and appears somewhat more forgiving though - the grammar in section 3 doesn't require CRLF and the standard does specifically talk about ignoring whitespace. I think we can accommodate a line.trim() prior to doing the checks. I'll put it on the list.
This is now done in 178b02 - see https://www.bouncycastle.org/betas for details.
Thanks for the support. I wonder if 178b02 is included in 1.78 and/or 1.78.1 published in April, or not? Or one needs to wait until 1.79 to have the change in this ticket?
If the certificate starts with "-----BEGIN CERTIFICATE----- ", or in general any PEM with the beginning line including a trailing white space, the readPemObject() function would return null and this causes the readObject in PEMParser to also return null.
It is because this line of code
bc-java/core/src/main/java/org/bouncycastle/util/io/pem/PemReader.java
Line 46 in 1cae543
I wonder if this is a design choice or not? There are some old discussions about whether trailing white space(s) are allowed in x509certificate https://stackoverflow.com/questions/26496155/are-spaces-alowed-in-x509-certificates but it seems to me that the answers are not clear.
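For callers on a build that predates the change in 178b02, one workaround is to strip trailing whitespace from each line before the input reaches `PemReader`, and to treat a `null` result as a hard failure rather than passing it on. This is an added example, not code from the issue or from the Bouncy Castle project; the class and method names (`PemTrailingWhitespace`, `stripTrailingWhitespace`, `readRequired`) are hypothetical, the sample PEM is constructed, and the Bouncy Castle provider jar is assumed to be on the classpath.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

public class PemTrailingWhitespace {

    // Remove trailing whitespace from every line so that a strict,
    // RFC 1421-style boundary check sees "-----BEGIN X-----" exactly.
    static String stripTrailingWhitespace(String pem) throws IOException {
        StringBuilder out = new StringBuilder(pem.length());
        try (BufferedReader in = new BufferedReader(new StringReader(pem))) {
            for (String line; (line = in.readLine()) != null; ) {
                int end = line.length();
                while (end > 0 && Character.isWhitespace(line.charAt(end - 1))) {
                    end--;
                }
                out.append(line, 0, end).append('\n');
            }
        }
        return out.toString();
    }

    // Parse one PEM object and fail loudly instead of returning null,
    // so a malformed boundary line cannot turn into a silent "no certificate".
    static PemObject readRequired(String pem) throws IOException {
        String cleaned = stripTrailingWhitespace(pem);
        try (PemReader reader = new PemReader(new StringReader(cleaned))) {
            PemObject obj = reader.readPemObject();
            if (obj == null) {
                throw new IOException("no PEM object found in input");
            }
            return obj;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: the body is four placeholder bytes, not a real certificate.
        String pem = "-----BEGIN CERTIFICATE----- \n"   // trailing space, as in the issue
                   + "AQIDBA==\t\n"
                   + "-----END CERTIFICATE-----  \n";
        PemObject obj = readRequired(pem);
        System.out.println(obj.getType() + ": " + obj.getContent().length + " bytes");
    }
}
```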