Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: tls serial number causes illegal padding error #2459

Merged
merged 1 commit into from
Apr 2, 2024
Merged

fix: tls serial number causes illegal padding error #2459

merged 1 commit into from
Apr 2, 2024

Conversation

achingbrain
Copy link
Member

This is a hack to work around PeculiarVentures/x509#74 until it is addressed upstream.

It seems serial numbers starting with 80 cause @peculiar/x509 to generate invalid certifiates that Node's TLSSocket then fails to parse, throwing an ERR_OSSL_ASN1_ILLEGAL_PADDING error, so the hack is to generate serial numbers until we get one that doesn't start with 80.

This can be reverted when the upstream issue is fixed.

Change checklist

  • I have performed a self-review of my own code
  • I have made corresponding changes to the documentation if necessary (this includes comments as well)
  • I have added tests that prove my fix is effective or that my feature works

@achingbrain
fix: tls serial number causes illegal padding error
623ae2f 
This is a hack to work around PeculiarVentures/x509#74
until it is addressed upstream.

It seems serial numbers starting with `80` cause `@peculiar/x509` to
generate invalid certifiates that Node's `TLSSocket` then fails to
parse, throwing an `ERR_OSSL_ASN1_ILLEGAL_PADDING` error, so the hack
is to generate serial numbers until we get one that doesn't start with
`80`.

This can be reverted when the upstream issue is fixed.
@achingbrain achingbrain requested a review from a team as a code owner March 31, 2024 07:06
@achingbrain
Copy link
Member Author

I have been running connection tests with this patch against go-libp2p for 24 hours without a single error.

@achingbrain achingbrain merged commit cae8639 into main Apr 2, 2024
22 checks passed
@achingbrain achingbrain deleted the fix/serial-number-generation branch April 2, 2024 10:13
@achingbrain achingbrain mentioned this pull request Apr 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maschad maschad maschad approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@achingbrain @maschad