2016-11-17 60 views
1

Below is my code, in which I am fetching the CRL over HTTP. d2i_X509_CRL_bio returns NULL, with error number 0xd06b08e.

bp_bio = BIO_new_mem_buf(http_reply->payload, -1); 
if(!bp_bio) { 
    printf("recieved no data in http reply"); 
} 

crl = d2i_X509_CRL_bio(bp_bio, NULL); 
if (!crl) { 
    while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) { 
     printf("\n: CRL Error %x : %s : %s : %d\n", 
       l, ERR_error_string(l,buf), file,line); 
    } 
    printf("parsing failed"); 
} else { 
    ret = X509_CRL_dup(crl); 
} 
BIO_free(bp); 

The error I am getting is:

CRL Error d06b08e : error:0D06B08E:lib(13):func(107):reason(142) : a_d2i_fp.c : 246

Why is d2i_X509_CRL_bio returning NULL, and how do I fix it?

+0

'openssl errstr 0xd06b08e' returns 'error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data'. It looks like 'http_reply->payload' is too small or was read incompletely. Can you provide the CRL data? – jww

+0

I download the CRL from http://ss.symcb.com/ss.crl. The size of the data, in (int)http_reply->bytes, is 1163154 – user3050267

Answers

1

Error I am getting is:

CRL Error d06b08e : error:0D06B08E:lib(13):func(107):reason(142) : a_d2i_fp.c : 246 

Why is d2i_X509_CRL_bio returning NULL, and how do I fix it?

The problem is below. http_reply->payload is binary data with embedded NULLs, so you need to supply an explicit length rather than using -1:

bp_bio = BIO_new_mem_buf(http_reply->payload, -1); 

I'm guessing that if you change -1 to 1163154, it will work as expected:

$ ls -al ss.crl 
-rw-r--r-- ... 1163154 Nov 17 04:06 ss.crl 

Also see the BIO_new_mem_buf man page:

BIO_new_mem_buf() creates a memory BIO using len bytes of data at buf, if len is -1 then the buf is assumed to be nul terminated and its length is determined by strlen. The BIO is set to a read only state and as a result cannot be written to...


Here is how you can verify the OpenSSL side of things.

Fetch the CRL

$ wget -O ss.crl 'http://ss.symcb.com/ss.crl' 
--2016-11-17 07:15:49-- http://ss.symcb.com/ss.crl 
Resolving ss.symcb.com (ss.symcb.com)... 23.4.181.163 ... 
Connecting to ss.symcb.com (ss.symcb.com)|23.4.181.163|:80... connected. 
HTTP request sent, awaiting response... 200 OK 
Length: unspecified [application/pkix-crl] 
Saving to: ‘ss.crl’ 

ss.crl     [ <=>    ] 1.11M 3.75MB/s in 0.3s 

Verify the CRL

Use Peter Gutmann's dumpasn1 to see that it is well formed:

$ dumpasn1 ss.crl 
     0 1163149: SEQUENCE { 
     5 1162868: SEQUENCE { 
    10  1:  INTEGER 1 
    13  13:  SEQUENCE { 
    15  9:  OBJECT IDENTIFIER 
       :   sha256WithRSAEncryption (1 2 840 113549 1 1 11) 
    26  0:  NULL 
       :  } 
    28  126:  SEQUENCE { 
    30  11:  SET { 
    32  9:   SEQUENCE { 
    34  3:   OBJECT IDENTIFIER countryName (2 5 4 6) 
    39  2:   PrintableString 'US' 
       :   } 
       :   } 
    43  29:  SET { 
    45  27:   SEQUENCE { 
    47  3:   OBJECT IDENTIFIER organizationName (2 5 4 10) 
    52  20:   PrintableString 'Symantec Corporation' 
       :   } 
       :   } 
    74  31:  SET { 
    76  29:   SEQUENCE { 
    78  3:   OBJECT IDENTIFIER organizationalUnitName (2 5 4 11) 
    83  22:   PrintableString 'Symantec Trust Network' 
       :   } 
       :   } 
    ... 
1162878  13: SEQUENCE { 
1162880  9:  OBJECT IDENTIFIER 
       :  sha256WithRSAEncryption (1 2 840 113549 1 1 11) 
1162891  0:  NULL 
       :  } 
1162893  257: BIT STRING 
       :  A6 4F 77 4E 4C EB E2 6A 13 28 02 25 6C D8 41 56 
       :  71 35 19 02 47 53 44 B0 F1 6A CB 37 61 EC 1F 20 
       :  56 08 97 0C 58 33 7F 40 7E 87 29 0B 47 35 28 8B 
       :  1B 2A 0D 1F C5 1F F8 03 E8 6A FF E7 D3 BF C3 69 
       :  8D 3D BF 8D 1A 44 4A A2 2A 5A C3 1C 8E 5F 0C 1F 
       :  24 3E 49 99 8E F3 98 CB BD 3C EA D4 A0 A2 3C E6 
       :  D9 10 FE F2 C0 27 97 75 25 58 27 84 F0 1B 90 A3 
       :  0D 55 D7 EA D3 AE 0C BC BB F3 D7 77 CD 3A 0D 19 
       :    [ Another 128 bytes skipped ] 
       : } 

0 warnings, 0 errors. 

Load the CRL

$ cat test-crl.c 
#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <openssl/x509.h>
#include <openssl/bio.h>

int main(int argc, char* argv[]) 
{ 
    BIO* bio = BIO_new_file("ss.crl", "r"); 
    if(bio == NULL) 
    { 
     fprintf(stderr, "Failed to create BIO\n"); 
     exit(1); 
    } 

    X509_CRL* crl = d2i_X509_CRL_bio(bio, NULL); 
    if(crl == NULL) 
    { 
     fprintf(stderr, "Failed to create CRL\n"); 
     exit(1); 
    } 

    fprintf(stdout, "Loaded CRL\n"); 

    X509_CRL_free(crl); 
    BIO_free(bio); 

    return 0; 
} 
$ gcc -I /usr/local/include test-crl.c /usr/local/lib/libcrypto.a -o test-crl.exe 

$ ./test-crl.exe 
Loaded CRL 

You can usually make sense of the error codes with the openssl errstr utility:

$ openssl errstr 0xd06b08e 
error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data 

The only time I have seen it fail is when decoding FIPS error codes if the openssl utility is not configured for FIPS.


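http_reply->payload

You should confirm that your http_reply->payload is the same data that other tools, like wget, deliver. The following shows the first and last 64 bytes when fetched with wget.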

$ wget -O ss.crl 'http://ss.symcb.com/ss.crl' 
--2016-11-17 14:12:20-- http://ss.symcb.com/ss.crl 
Resolving ss.symcb.com (ss.symcb.com)... 23.4.181.163 ... 
Connecting to ss.symcb.com (ss.symcb.com)|23.4.181.163|:80... connected. 
HTTP request sent, awaiting response... 200 OK 
Length: unspecified [application/pkix-crl] 
Saving to: ‘ss.crl’ 
... 

$ head -c 64 ss.crl | xxd -g 1 
0000000: 30 83 11 bf 8d 30 83 11 be 74 02 01 01 30 0d 06 0....0...t...0.. 
0000010: 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 7e 31 0b .*.H........0~1. 
0000020: 30 09 06 03 55 04 06 13 02 55 53 31 1d 30 1b 06 0...U....US1.0.. 
0000030: 03 55 04 0a 13 14 53 79 6d 61 6e 74 65 63 20 43 .U....Symantec C 

$ tail -c 64 ss.crl | xxd -g 1 
0000000: 16 2a d7 ab 7c e2 42 0e 95 32 14 fe f1 0d b8 6d .*..|.B..2.....m 
0000010: a4 9b ec 17 fb b3 db d2 0b 9d 83 a8 a7 79 5b d5 .............y[. 
0000020: e9 56 4d aa 65 e3 3b f5 ad 79 58 c7 0a d4 00 3b .VM.e.;..yX....; 
0000030: f8 c6 73 df 9e c0 54 7d 57 05 2d 7f cb 5c bc 74 ..s...T}W.-..\.t 
+0

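It still fails after providing the exact value – user3050267

+0

@user3050267 - If it's the same error, then it sounds like populating 'http_reply->payload' is not working as expected. Have you verified that the size of 'payload' is the expected size when using another tool, like 'wget'? Have you saved 'http_reply->payload' to a file and then verified it with 'dumpasn1', or run it through the program above? – jww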

+0

CRL Error d09e09b : error:0D09E09B:lib(13):func(158):reason(155) : x_name.c : 203 CRL Error d08303a : error:0D08303A:lib(13):func(131):reason(58) : tasn_dec.c : 697 – user3050267
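
The truncation described in the answer, as an added example that is not part of the original thread: it decodes the outer DER length from the first bytes of the xxd dump above and compares it with the length strlen measures, which is what a length of -1 selects. The helper names are hypothetical and no OpenSSL calls are made.

```c
#include <stdio.h>
#include <string.h>

/* Total encoded size (header + content) announced by the outer DER TLV,
 * or 0 if the header is truncated, indefinite-length or too large. */
static size_t der_announced_size(const unsigned char *p, size_t n)
{
    if (n < 2)
        return 0;
    size_t len = p[1];
    size_t hdr = 2;
    if (len & 0x80) {                    /* long form: low 7 bits = byte count */
        size_t count = len & 0x7f;
        if (count == 0 || count > sizeof(size_t) || n < 2 + count)
            return 0;                    /* 0x80 alone = indefinite, not DER */
        len = 0;
        for (size_t i = 0; i < count; i++)
            len = (len << 8) | p[2 + i];
        hdr += count;
    }
    return (len > (size_t)-1 - hdr) ? 0 : hdr + len;
}

/* First 28 bytes of ss.crl, copied from the xxd dump on this page. */
static const unsigned char crl_head[] = {
    0x30, 0x83, 0x11, 0xbf, 0x8d, 0x30, 0x83, 0x11, 0xbe, 0x74, 0x02, 0x01,
    0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,
    0x01, 0x0b, 0x05, 0x00
};

/* Length a strlen-based caller sees: bytes before the first NUL. */
static size_t length_seen_with_minus_one(void)
{
    return strlen((const char *)crl_head);
}

/* 1 if `received` bytes cover the whole object the header announces.
 * Only the header bytes are read, so `received` may exceed the sample. */
static int payload_complete(const unsigned char *p, size_t received)
{
    size_t need = der_announced_size(p, received);
    return need != 0 && received >= need;
}

int main(void)
{
    printf("announced=%zu strlen=%zu\n", der_announced_size(crl_head, sizeof crl_head), length_seen_with_minus_one());
    return 0;
}
```

Running the same check on the buffer actually held in http_reply->payload, with the byte count the HTTP layer reports, distinguishes a short read from a wrong length argument before the data reaches d2i_X509_CRL_bio.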