[Bug]: step cli has problems parsing certificate if there is any extra data appended to the file
sshipway opened this issue · 1 comments
Steps to Reproduce
- Issue a valid certificate using smallstep the usual way
- Use
step certificate needs-renewal
to verify cert file is OK - Append a new text line to the end of the file (e.g. "\n foo \n").
- Use
step certificate needs-renewal
on the file again, which should return the same but instead throws an error.
Your Environment
- OS - linux centos 7
step
CLI Version - Smallstep CLI/0.26.0 (linux/amd64) Release Date: 2024-03-29T02:25:03Z
Expected Behavior
The certificate should parse the same regardless of any additional data on the end of the file, and should correctly respond the same in both cases
Actual Behavior
When there is extra data after the certificate, there is an error:
error decoding PEM: file 'filename.crt' contains unexpected data
Note that openssl x509
has no problem parsing the file and resturning the correct response, even with the extra data
Additional Context
We are using an application that requires a DHPARAMS section to be appended to the certificate in the file. After adding this, step cli is no longer able to properly read the file for testing expiry, renewing, etc.
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
This should be resolved in our latest release, v0.26.1. Please let us know if you see any issues.
Cheers 🍻