zakjan/cert-chain-resolver

Fails with multiple "CA Issuers" lines

heiko3 opened this issue · 4 comments

The script fails if there are multiple "CA Issuers - URI" entries within a certificate. Example: host certificate of www.zedat.fu-berlin.de

cert_get_issuer_url() returns both and wget fails. Either cert_get_issuer_url() should return only the first entry or there should be a loop in main() over all URLs until one succeeds.

I'm referring to the sh variant. The Go version does not have this issue.

Thanks for reporting! According to the spec, the CA Issuers field is indeed an array; however, I haven't seen multiple issuers before.

Is it OK to update the shell script to process only the first URL, as in the Go app, or should I somehow check the other URLs?

Checking only the first URL should be sufficient in most cases, e.g. with exit in the awk statement:

cert_get_issuer_url() {
    # Print the URI of the first "CA Issuers" entry only, then stop reading
    cert_pem_to_text | awk 'BEGIN {FS="CA Issuers - URI:"} NF==2 {print $2;exit}'
}

Fixed in ab3b7d1 as you suggested. Closing.
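The two options raised in this thread (take only the first "CA Issuers" URI, or loop over all of them until one fetch succeeds), side by side as an added example that is not part of the thread or of the project's script. The function names, the example.test URLs, the stub fetcher and the http/https scheme check are assumptions made for illustration; the sample text is constructed.

```shell
#!/bin/sh
# Constructed sample: the AIA part of `openssl x509 -text` output for a
# certificate that lists two "CA Issuers" entries.
sample_aia_text() {
cat <<'EOF'
            Authority Information Access:
                OCSP - URI:http://ocsp.example.test
                CA Issuers - URI:http://ca1.example.test/issuer.crt
                CA Issuers - URI:http://ca2.example.test/issuer.crt
EOF
}

# Option 1: only the first URI (the awk `exit` suggested in the thread).
first_issuer_url() {
    awk 'BEGIN {FS="CA Issuers - URI:"} NF==2 {print $2; exit}'
}

# Every CA Issuers URI, one per line, so a caller never sees two joined URLs.
issuer_urls() {
    awk 'BEGIN {FS="CA Issuers - URI:"} NF==2 {print $2}'
}

# Option 2: read URLs on stdin and try each with fetcher "$1" until one
# succeeds; print the URL that worked, return 1 if none did.
fetch_first_working() {
    fetcher=$1
    while IFS= read -r url; do
        # Assumption: the URI is data taken from the certificate, so only
        # http(s) is accepted before it is handed to a downloader.
        case $url in
            http://*|https://*) ;;
            *) continue ;;
        esac
        # </dev/null keeps the fetcher from consuming the remaining URLs.
        if "$fetcher" "$url" </dev/null; then
            printf '%s\n' "$url"
            return 0
        fi
    done
    return 1
}

# Constructed stub standing in for the real download: the first CA URL is
# unreachable, the second answers.
stub_fetch() {
    case $1 in
        http://ca2.example.test/*) return 0 ;;
        *) return 1 ;;
    esac
}

sample_aia_text | issuer_urls | fetch_first_working stub_fetch
```

With the stub, the first-URL-only approach would pick the unreachable ca1 URL, while the loop falls through to ca2.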