From: Philippe Antoine <pantoine@oisf.net>
Date: Fri, 30 Jun 2023 07:00:49 +0000 (+0200)
Subject: tls: update x509 crate to v0.8
X-Git-Tag: suricata-6.0.14~71
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=afeb022164d98aa44cd384b9be251bb3d82f6b80;p=thirdparty%2Fsuricata.git

tls: update x509 crate to v0.8

Ticket: #5439

Fixes cetificate parsing without issuer, and do not require an
update to MSRV.
---

diff --git a/rust/Cargo.toml.in b/rust/Cargo.toml.in
index 36daa9de87..fda82e3487 100644
--- a/rust/Cargo.toml.in
+++ b/rust/Cargo.toml.in
@@ -41,7 +41,11 @@ ntp-parser = "0.4"
 ipsec-parser = "0.5"
 snmp-parser = "0.6"
 tls-parser = "0.9"
-x509-parser = "0.6.5"
+# required by x509 to keep MSRV support
+chrono = "=0.4.19"
+thiserror = "=1.0.39"
+data-encoding = "=2.3.3"
+x509-parser = "0.8.2"
 libc = "0.2.67"
 
 [dev-dependencies]
diff --git a/rust/src/x509/mod.rs b/rust/src/x509/mod.rs
index 353edb1d44..5ab268ba5b 100644
--- a/rust/src/x509/mod.rs
+++ b/rust/src/x509/mod.rs
@@ -30,12 +30,8 @@ pub enum X509DecodeError {
     InvalidCert,
     /// Some length does not match, or certificate is incomplete
     InvalidLength,
-    InvalidVersion,
-    InvalidSerial,
-    InvalidAlgorithmIdentifier,
     InvalidX509Name,
     InvalidDate,
-    InvalidExtensions,
     /// DER structure is invalid
     InvalidDER,
 }
@@ -112,8 +108,8 @@ pub unsafe extern "C" fn rs_x509_get_validity(
         return -1;
     }
     let x509 = &*ptr;
-    let n_b = x509.0.tbs_certificate.validity.not_before.to_timespec().sec;
-    let n_a = x509.0.tbs_certificate.validity.not_after.to_timespec().sec;
+    let n_b = x509.0.tbs_certificate.validity.not_before.timestamp();
+    let n_a = x509.0.tbs_certificate.validity.not_after.timestamp();
     *not_before = n_b;
     *not_after = n_a;
     0
@@ -136,12 +132,8 @@ fn x509_parse_error_to_errcode(e: &nom::Err<X509Error>) -> X509DecodeError {
     match e {
         nom::Err::Incomplete(_) => X509DecodeError::InvalidLength,
         nom::Err::Error(e) | nom::Err::Failure(e) => match e {
-            X509Error::InvalidVersion => X509DecodeError::InvalidVersion,
-            X509Error::InvalidSerial => X509DecodeError::InvalidSerial,
-            X509Error::InvalidAlgorithmIdentifier => X509DecodeError::InvalidAlgorithmIdentifier,
             X509Error::InvalidX509Name => X509DecodeError::InvalidX509Name,
             X509Error::InvalidDate => X509DecodeError::InvalidDate,
-            X509Error::InvalidExtensions => X509DecodeError::InvalidExtensions,
             X509Error::Der(_) => X509DecodeError::InvalidDER,
             _ => X509DecodeError::InvalidCert,
         },