Giters

webauthn-open-source / fido2-lib

A node.js library for performing FIDO 2.0 / WebAuthn server functionality

Home Page:https://webauthn.io

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Cannot upgrade pkijs past 2.1.60

Hexagon opened this issue · comments

commented

Cannot figure this one out...

All is ok with pkijs@2.1.60 - Error with pkijs@2.1.61

    verifyCertChain ...
      rejects on empty arguments ... ok (13ms)
      works for MDS2 ... FAILED (93ms)
        Error: No revocation values found for one of certificates: No valid CRLs found
                                throw new Error(res.resultMessage);
                                      ^
            at Function.verifyCertChain (/fido2-lib/lib/certUtils.js:587:10)

Failing test:

fido2-lib/test/certUtils.test.js

Line 531 in e60117e

it("works for MDS2", function() {

Related certs available here:

fido2-lib/test/helpers/fido2-helpers.js

Line 4598 in e60117e

const mdsRootCert = "-----BEGIN CERTIFICATE-----\n" +

Failing line:

fido2-lib/lib/certUtils.js

Line 587 in e60117e

throw new Error(res.resultMessage);

Could it be related to this change in CertificateChainValidationEngine.js? Or something else?

image

commented

MDS v2 is deprecated - maybe it was turned off and CRLs were taken down?

commented

Oh, there it is. If i "turn back time" the tests pass with latest version of pkijs, and it does not seem possible to update certs/crls. The failing tests needs to be disabled.

Edit: Well... maybe the tests should be kept, but we change the expected outcome to throwing with the correct Error.