Using old packages for cert-chain #13714

@wooffie


This issue is just to point out a minor problem.

The project uses unmaintainable packages for SSL:

```
github.com/zakjan/cert-chain-resolver v0.0.0-20221221105603-fcedb00c5b30
github.com/fullsailor/pkcs7 v0.0.0-20190404230743-d7302db945fa // indirect
```

For example, there is an easy way to get a panic from net/ssl:

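```go
// In internal/net/ssl/ssl_test.go (package ssl).
func TestFullChainCert(t *testing.T) {
	// Truncated BER: nested indefinite-length SEQUENCEs with no end marker.
	var data = []byte{0x30, 0x80, 0x30, 0x80, 0x30}
	fullChainCert(data)
}
```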
```text
Running tool: /usr/bin/go test -timeout 30s -run ^TestFullChainCert$ k8s.io/ingress-nginx/internal/net/ssl

--- FAIL: TestFullChainCert (0.00s)
panic: runtime error: index out of range [5] with length 5 [recovered]
	panic: runtime error: index out of range [5] with length 5

goroutine 7 [running]:
testing.tRunner.func1.2({0x1708bc0, 0xc000047e60})
	/usr/lib/go-1.24/src/testing/testing.go:1734 +0x21c
testing.tRunner.func1()
	/usr/lib/go-1.24/src/testing/testing.go:1737 +0x35e
panic({0x1708bc0?, 0xc000047e60?})
	/usr/lib/go-1.24/src/runtime/panic.go:792 +0x132
github.com/fullsailor/pkcs7.readObject({0xc000452f38?, 0x0?, 0x26cd7a0?}, 0x7a8aca578ab0?)
	/home/wooffie/go/pkg/mod/github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa/ber.go:162 +0x626
github.com/fullsailor/pkcs7.readObject({0xc000452f38, 0x5, 0x5}, 0x2)
	/home/wooffie/go/pkg/mod/github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa/ber.go:211 +0x365
github.com/fullsailor/pkcs7.readObject({0xc000452f38, 0x5, 0x5}, 0x0)
	/home/wooffie/go/pkg/mod/github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa/ber.go:211 +0x365
github.com/fullsailor/pkcs7.ber2der({0xc000452f38, 0x5, 0x5})
	/home/wooffie/go/pkg/mod/github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa/ber.go:64 +0x65
github.com/fullsailor/pkcs7.Parse({0xc000452f38, 0x5, 0x5})
	/home/wooffie/go/pkg/mod/github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa/pkcs7.go:127 +0x5e
github.com/zakjan/cert-chain-resolver/certUtil.DecodeCertificate({0xc000452f38?, 0x66b?, 0x66a?})
	/home/wooffie/go/pkg/mod/github.com/zakjan/cert-chain-resolver@v0.0.0-20221221105603-fcedb00c5b30/certUtil/io.go:70 +0xde
k8s.io/ingress-nginx/internal/net/ssl.fullChainCert({0xc000452f38?, 0x54c713?, 0x4b42b3?})
	/home/wooffie/work/github/ingress-nginx/internal/net/ssl/ssl.go:447 +0x27
k8s.io/ingress-nginx/internal/net/ssl.TestFullChainCert(0xc0003b48c0?)
	/home/wooffie/work/github/ingress-nginx/internal/net/ssl/ssl_test.go:491 +0x31
testing.tRunner(0xc0003b48c0, 0x18fd730)
	/usr/lib/go-1.24/src/testing/testing.go:1792 +0xf4
created by testing.(*T).Run in goroutine 1
	/usr/lib/go-1.24/src/testing/testing.go:1851 +0x413
FAIL	k8s.io/ingress-nginx/internal/net/ssl	0.015s
FAIL
```
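One way to reject input like the five bytes in the report before it reaches a BER parser, as an added example that is not code from ingress-nginx, cert-chain-resolver or pkcs7: a structural walk over the BER encoding in which every read is length-checked, so truncated input produces an error instead of an index-out-of-range panic. The names `checkBER` and `errBER` and the depth, tag and length limits are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

var errBER = errors.New("ber: truncated or unsupported encoding")

// checkBER validates one BER element at the start of b and returns the rest.
func checkBER(b []byte, depth int) (rest []byte, err error) {
	// Limits chosen for this example: nesting depth 32, single-byte tags only.
	if len(b) < 2 || depth > 32 || b[0]&0x1f == 0x1f {
		return nil, errBER
	}
	constructed, l := b[0]&0x20 != 0, int(b[1])
	b = b[2:]
	if l == 0x80 && constructed { // indefinite length: children until 00 00
		for len(b) < 2 || b[0] != 0 || b[1] != 0 {
			if b, err = checkBER(b, depth+1); err != nil {
				return nil, err
			}
		}
		return b[2:], nil
	}
	if l >= 0x80 { // long form: the next l&0x7f bytes hold the length
		n := l & 0x7f
		if n == 0 || n > 3 || n > len(b) { // 3-byte cap chosen for this example
			return nil, errBER
		}
		l = 0
		for _, c := range b[:n] {
			l = l<<8 | int(c)
		}
		b = b[n:]
	}
	if l > len(b) {
		return nil, errBER
	}
	for body := b[:l]; constructed && len(body) > 0; {
		if body, err = checkBER(body, depth+1); err != nil {
			return nil, err
		}
	}
	return b[l:], nil
}

func main() {
	fmt.Println(checkBER([]byte{0x30, 0x80, 0x30, 0x80, 0x30}, 0)) // bytes from the issue
}
```

A caller would treat any error, or any non-empty remainder, as a reason to skip PKCS#7 decoding for that input.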

Labels: kind/feature, needs-priority, needs-triage