From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id 2C2F51FF14F for ; Wed, 17 Jun 2026 14:43:45 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id BBB4B34351; Wed, 17 Jun 2026 14:43:39 +0200 (CEST) From: Thomas Ellmenreich To: pve-devel@lists.proxmox.com Subject: [PATCH common/proxmox-acme v2 0/2] fix #5978: pem parser: relax parsing of chain entries Date: Wed, 17 Jun 2026 14:42:49 +0200 Message-ID: <20260617124251.89036-1-t.ellmenreich@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2 X-Bm-Transport-Timestamp: 1781700127468 X-SPAM-LEVEL: Spam detection results: 0 AWL 0.087 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [acme.pm,certificate.pm] Message-ID-Hash: W2ONQSIOVOSPJZJ4OA64MXQFCFMJIUCO X-Message-ID-Hash: W2ONQSIOVOSPJZJ4OA64MXQFCFMJIUCO X-MailFrom: t.ellmenreich@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Thomas Ellmenreich X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox VE development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: According to RFC 8555, expected certchains should come without whitespace or explanatory texts inbetween chain entries. These two patches relax our parser to also accept text or whitespaces inbetween chain entries. pve-common: Thomas Ellmenreich (1): fix #5978: pem parser: relax parsing of chain entries: src/PVE/Certificate.pm | 25 +++- test/Makefile | 2 + test/check_pem_test.pl | 332 +++++++++++++++++++++++++++++++++++++++++ test/split_pem_test.pl | 272 +++++++++++++++++++++++++++++++++ 4 files changed, 625 insertions(+), 6 deletions(-) create mode 100755 test/check_pem_test.pl create mode 100755 test/split_pem_test.pl proxmox-acme: Thomas Ellmenreich (1): fix #5978: pem parser: relax parsing of chain entries: src/PVE/ACME.pm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) Summary over all repositories: 5 files changed, 629 insertions(+), 10 deletions(-) -- Generated by murpp 0.12.0