[Bug]: step cli has problems parsing certificate if there is any extra data appended to the file

Question

[Bug]: step cli has problems parsing certificate if there is any extra data appended to the file

sshipway opened this issue 6 months ago · 1 comments

sshipway commented 6 months ago

Steps to Reproduce

Issue a valid certificate using smallstep the usual way
Use step certificate needs-renewal to verify cert file is OK
Append a new text line to the end of the file (e.g. "\n foo \n").
Use step certificate needs-renewal on the file again, which should return the same but instead throws an error.

Your Environment

OS - linux centos 7
step CLI Version - Smallstep CLI/0.26.0 (linux/amd64) Release Date: 2024-03-29T02:25:03Z

Expected Behavior

The certificate should parse the same regardless of any additional data on the end of the file, and should correctly respond the same in both cases

Actual Behavior

When there is extra data after the certificate, there is an error:

error decoding PEM: file 'filename.crt' contains unexpected data

Note that openssl x509 has no problem parsing the file and resturning the correct response, even with the extra data

Additional Context

We are using an application that requires a DHPARAMS section to be appended to the certificate in the file. After adding this, step cli is no longer able to properly read the file for testing expiry, renewing, etc.

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

Answer 1 · 2024-04-23T00:26:31.000Z

This should be resolved in our latest release, v0.26.1. Please let us know if you see any issues.

Cheers 🍻