Message333183
Your Windows cert store contains multiple invalid certificates. The first failing certificate is the custom "MUPCA Root", which looks like a certificate from http://ca.mup.gov.rs/sertifikati.html. The serial number seems to be badly formated or padded. There is nothing we can do about erroneous and bad certificates.
$ openssl x509 -in ca.pem
unable to load certificate
140613019477824:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal padding:crypto/asn1/a_int.c:187:
140613019477824:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=serialNumber, Type=X509_CINF
140613019477824:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509
140613019477824:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:
$ openssl asn1parse -in ca.pem
0:d=0 hl=4 l=1300 cons: SEQUENCE
4:d=1 hl=4 l= 764 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 4 prim: INTEGER :BAD INTEGER:[00000066]
19:d=2 hl=2 l= 13 cons: SEQUENCE
21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
32:d=3 hl=2 l= 0 prim: NULL
34:d=2 hl=2 l= 83 cons: SEQUENCE
36:d=3 hl=2 l= 19 cons: SET
38:d=4 hl=2 l= 17 cons: SEQUENCE
40:d=5 hl=2 l= 3 prim: OBJECT :commonName
45:d=5 hl=2 l= 10 prim: UTF8STRING :MUPCA Root
57:d=3 hl=2 l= 29 cons: SET
59:d=4 hl=2 l= 27 cons: SEQUENCE
61:d=5 hl=2 l= 3 prim: OBJECT :organizationName
66:d=5 hl=2 l= 20 prim: UTF8STRING :MUP Republike Srbije
88:d=3 hl=2 l= 16 cons: SET
90:d=4 hl=2 l= 14 cons: SEQUENCE
92:d=5 hl=2 l= 3 prim: OBJECT :localityName
97:d=5 hl=2 l= 7 prim: UTF8STRING :Beograd
106:d=3 hl=2 l= 11 cons: SET
108:d=4 hl=2 l= 9 cons: SEQUENCE
110:d=5 hl=2 l= 3 prim: OBJECT :countryName
115:d=5 hl=2 l= 2 prim: PRINTABLESTRING :RS
119:d=2 hl=2 l= 30 cons: SEQUENCE
121:d=3 hl=2 l= 13 prim: UTCTIME :100227161918Z
136:d=3 hl=2 l= 13 prim: UTCTIME :200227161918Z
...
$ wget http://ca.mup.gov.rs/MUPCARoot.crt
$ openssl x509 -in MUPCARoot.crt -inform DER
unable to load certificate
140699773712192:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal padding:crypto/asn1/a_int.c:187:
140699773712192:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=serialNumber, Type=X509_CINF
140699773712192:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509 |
|
Date |
User |
Action |
Args |
2019-01-07 19:53:43 | christian.heimes | set | recipients:
+ christian.heimes, vstinner, pervlad |
2019-01-07 19:53:42 | christian.heimes | set | messageid: <1546890822.62.0.386984330604.issue35665@roundup.psfhosted.org> |
2019-01-07 19:53:42 | christian.heimes | link | issue35665 messages |
2019-01-07 19:53:42 | christian.heimes | create | |
|