cfssl icon indicating copy to clipboard operation
cfssl copied to clipboard
verified publisher icon cloudflare

Failing when file has multiple PEM blocks

Open prateeknischal opened this issue 6 years ago • 3 comments

For the command cfssl certinfo -cert <file>, if the file has multiple PEM blocks, it fails with the error

{
  "code": 1003,
  "message": "the PEM file should contain only one object"
}

If we are to go with the openssl behaviour, it should ignore the other PEM blocks and process only the first valid Certificate PEM block it encounters. I can see a snippet that deliberately fails when the file or stream has multiple valid PEM blocks instead of ignoring. https://github.com/cloudflare/cfssl/blob/e04a6ddc69119c6ded64e0f61f76150066040105/helpers/helpers.go#L286-L300 Because, if i want to parse a pem bundle that has all the certificates including issuers and intermediates, i would want to see the leaf, without trying to manually copy it and paste to the stdout.

Please let me know if this sounds like a valid enhancement and I'd be happy to send a pull request.

prateeknischal avatar Feb 09 '19 10:02 prateeknischal

Fix available at https://github.com/cloudflare/cfssl/pull/970

prateeknischal avatar Feb 09 '19 13:02 prateeknischal

I ran into this while setting up cfsll and this issue helped me workaround the error. I would love to see the maintainers of this project comment on this issue/PR.

brandonmcclure avatar Oct 12 '20 02:10 brandonmcclure

Interested in a fix

AndrewSav avatar May 28 '24 23:05 AndrewSav