certificate-transparency/cheese
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Skip PEM with negative serial number

Browse Source
This commit is contained in:
Pim van Pelt
2025-08-24 12:02:37 +02:00
parent a3d3c4c643
commit 0b12cbca62
1 changed files with 18 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tesseract/genconf/roots.go
View File

@@ -1,6 +1,7 @@
package main package main
import ( import (
"crypto/x509"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"encoding/pem" "encoding/pem"
@@ -74,6 +75,7 @@ func generateRoots(args []string) {
defer outFile.Close() defer outFile.Close()
// Write each certificate as PEM // Write each certificate as PEM
validCertCount := 0
for _, certBase64 := range rootsResp.Certificates { for _, certBase64 := range rootsResp.Certificates {
// Decode base64 certificate // Decode base64 certificate
certBytes, err := base64.StdEncoding.DecodeString(certBase64) certBytes, err := base64.StdEncoding.DecodeString(certBase64)
@@ -81,6 +83,19 @@ func generateRoots(args []string) {
log.Fatalf("Failed to decode certificate: %v", err) log.Fatalf("Failed to decode certificate: %v", err)
} }
// Parse X.509 certificate to check serial number
cert, err := x509.ParseCertificate(certBytes)
if err != nil {
log.Printf("Warning: Failed to parse certificate, skipping: %v", err)
continue
}
// Check for negative serial number
if cert.SerialNumber.Sign() < 0 {
log.Printf("Warning: Certificate with negative serial number found, skipping (serial: %s)", cert.SerialNumber.String())
continue
}
// Create PEM block // Create PEM block
pemBlock := &pem.Block{ pemBlock := &pem.Block{
Type: "CERTIFICATE", Type: "CERTIFICATE",
@@ -92,7 +107,9 @@ func generateRoots(args []string) {
if err != nil { if err != nil {
log.Fatalf("Failed to write PEM certificate: %v", err) log.Fatalf("Failed to write PEM certificate: %v", err)
} }
validCertCount++
} }
fmt.Printf("Successfully wrote %d certificates to %s\n", len(rootsResp.Certificates), outputFile) fmt.Printf("Successfully wrote %d certificates to %s (out of %d total)\n", validCertCount, outputFile, len(rootsResp.Certificates))
} }