#20966 new defect

Ova/Ovf Signature Verification Issue

Reported by:	MustafaBayrak	Owned by:
Component:	OVF	Version:	VirtualBox 6.1.34
Keywords:		Cc:
Guest type:	other	Host type:	Windows

Description

I sign my ovf file with my own code signing certificate. I am getting a certificate validation error while importing the resulting signed ovf file. I am getting this error even though I upload the SubCA and CA certificates of the signing certificate to the Windows Certificate Store.

I downloaded the source code of the 6.1.34 version of VirtualBox and debug it on my windows machine. And I found that the problem was because of the Name Constraints extension in the SubCA certificate of the certificate I signed.

While reading SubCA certificate from Windows Certificate Store on rtCrStoreAddCertsFromNative method, RTCrX509Certificate_DecodeAsn1 method gives an error in the relevant SubCA certificate. The error message reads: 0x00000000033ae4e8 "CurCtx.Cert.TbsCertificate.T3.Extensions.papItems#.ExtnValue.NameConstraings. It gives error 0x80 (expected 0x10/0x20)'

What kind of a problem is there in the SubCA certificate, can you help with this?

Attachments (4)

SubCA.crt (1.8 KB ) - added by MustafaBayrak 3 years ago.: SubCA.crt
Signing.crt (2.4 KB ) - added by MustafaBayrak 3 years ago.: Siging Certificate
CA.crt (1.5 KB ) - added by MustafaBayrak 3 years ago.: CA
VBox.png (61.8 KB ) - added by MustafaBayrak 3 years ago.: Signature Verification Error

Download all attachments as: .zip

Change History (4)

by MustafaBayrak, 3 years ago

Attachment:	SubCA.crt added

SubCA.crt

by MustafaBayrak, 3 years ago

Attachment:	Signing.crt added

Siging Certificate

by MustafaBayrak, 3 years ago

Attachment:	CA.crt added

by MustafaBayrak, 3 years ago

Attachment:	VBox.png added

Signature Verification Error

Note: See TracTickets for help on using tickets.

Download in other formats: