
I have a Go application that reads and validates certificates, followed by a C++ application that uses the certificates from that location. Golang is automatically removing all (invalid) whitespace characters that are present in a certificate, and thus there are no validation errors, while the C++ application using openssl isn't able to parse this certificate.

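```go
block, _ := pem.Decode([]byte(pemString))
if block == nil {
    // pem.Decode returns a nil block when no PEM data is found
    logrus.Fatal("no PEM block found")
}
// pem.Encode writes the block back out in Go's normalized PEM layout
err := pem.Encode(os.Stdout, block)
if err != nil {
    logrus.Fatal(err)
}
```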

From the above code, when I decode and encode a cert with whitespace, I get the result with all whitespace removed. Is there a way to identify if a cert might have an issue with openssl?

I can check for whitespace, but I want to identify any and all problems that openssl can have with a certificate. Is there a better way to do this?

Sample example: https://play.golang.org/p/HvIRK99g33-

subtleseeker
  • What is the error you faced with C++? – Kamol Hasan Aug 10 '21 at 03:55
  • Parsing error, invalid cert. With the cert provided in play.golang, you can try `openssl rsa -in key -check` – subtleseeker Aug 10 '21 at 04:39
  • That example is a privatekey not a certificate; privatekeys and certificates are different things, though both plus many other things can be and mostly are PEM-encoded in/with OpenSSL. (And exposing your privatekey is a bad idea.) To read a certain type of data like privatekey OpenSSL first decodes the PEM 'armor' if used, decrypts if applicable (which your Go presumably doesn't), and then parses the data as a known ASN.1 type (mostly DER, sometimes BER) and may further check or interpret the results. Which of those do you care about, and for the latter, for which content type(s)? – dave_thompson_085 Aug 10 '21 at 06:16
  • Yeah, sorry for the confusion, with cert I meant it like an umbrella term. My question is more for any kind of pem file, cert, key, csr. Maybe this would add some context to my question: https://stackoverflow.com/a/40404153/6740589 – subtleseeker Aug 10 '21 at 10:52

0 Answers
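An added example, not part of the original question or its comments: because `pem.Decode` followed by `pem.Encode` yields normalized output, one conservative check is to compare the exact bytes of each block with Go's own re-encoding and flag any difference before handing the file to a stricter consumer. It does not model OpenSSL's parser or validate the decoded ASN.1, and the function names and sample data are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"fmt"
	"strings"
)

// nonCanonicalBlocks (hypothetical helper) returns one finding per PEM block
// whose input bytes differ from Go's re-encoding, plus one for unparsable data.
func nonCanonicalBlocks(data []byte) []string {
	var findings []string
	for i := 1; len(data) > 0; i++ {
		block, rest := pem.Decode(data)
		if block == nil {
			if len(bytes.TrimSpace(data)) > 0 {
				findings = append(findings, "trailing data is not a PEM block")
			}
			break
		}
		// consumed also covers any text pem.Decode skipped before BEGIN.
		consumed := data[:len(data)-len(rest)]
		if !bytes.Equal(consumed, pem.EncodeToMemory(block)) {
			findings = append(findings, fmt.Sprintf("block %d (%s) is not in canonical form", i, block.Type))
		}
		data = rest
	}
	return findings
}

// constructedSamples builds a canonical block from constructed bytes and a
// copy with every base64 line indented, which pem.Decode still accepts.
func constructedSamples() (clean, indented []byte) {
	clean = pem.EncodeToMemory(&pem.Block{
		Type:  "CONSTRUCTED SAMPLE",
		Bytes: bytes.Repeat([]byte{0x30, 0x82, 0x01, 0x0a}, 40),
	})
	lines := strings.Split(string(clean), "\n")
	for i := 1; i < len(lines)-2; i++ { // skip BEGIN, END and the final ""
		lines[i] = "  " + lines[i]
	}
	return clean, []byte(strings.Join(lines, "\n"))
}

func main() {
	clean, indented := constructedSamples()
	fmt.Println("clean:   ", nonCanonicalBlocks(clean))
	fmt.Println("indented:", nonCanonicalBlocks(indented))
}
```

The comparison is deliberately strict, so it also flags harmless deviations such as CRLF line endings or text before the BEGIN line; treat a finding as a prompt to normalize the file, not as proof that another parser will reject it.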