From 602bdee3d238546cd5894d55ee99649ea9cef53b Mon Sep 17 00:00:00 2001
From: elasticdotventures <35611074+elasticdotventures@users.noreply.github.com>
Date: Thu, 4 Mar 2021 20:50:25 +1100
Subject: [PATCH 1/2] Caught unhandled Openssl exception when certificate is not valid causes crash & stack dump, regardless of validate_cert setting.

---
 pyas2lib/utils.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/pyas2lib/utils.py b/pyas2lib/utils.py
index a76ade9..8e8a67f 100644
--- a/pyas2lib/utils.py
+++ b/pyas2lib/utils.py
@@ -174,7 +174,10 @@ def split_pem(pem_bytes: bytes):
 def verify_certificate_chain(cert_bytes, trusted_certs, ignore_self_signed=True):
-    """Verify a given certificate against a trust store."""
+    """
+    Verify a given certificate against a trust store.
+    :return: True; or None if certificate is invalid or cannot be loaded by OpenSSL.
+    """
     # Load the certificate
     certificate = crypto.load_certificate(crypto.FILETYPE_ASN1, cert_bytes)
@@ -194,8 +197,12 @@ def verify_certificate_chain(cert_bytes, trusted_certs, ignore_self_signed=True)
         store_ctx = crypto.X509StoreContext(store, certificate)
         # Verify the certificate, returns None if certificate is not valid
-        store_ctx.verify_certificate()
-
+        try:
+            store_ctx.
+            ificate()
+        except Exception as e:
+            return None
+
         return True
     except crypto.X509StoreContextError as e:

From 39214ec3ac58360acaf4a65843a0ab43dde84d54 Mon Sep 17 00:00:00 2001
From: elasticdotventures <35611074+elasticdotventures@users.noreply.github.com>
Date: Thu, 4 Mar 2021 20:52:39 +1100
Subject: [PATCH 2/2] fixed typo in code

---
 pyas2lib/utils.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/pyas2lib/utils.py b/pyas2lib/utils.py
index 8e8a67f..8267afd 100644
--- a/pyas2lib/utils.py
+++ b/pyas2lib/utils.py
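Review bot: The `:return:` line added here promises None when the certificate "cannot be loaded by OpenSSL", but the `crypto.load_certificate(crypto.FILETYPE_ASN1, cert_bytes)` call at the end of this hunk is not inside any `try` visible in the patch, so a malformed DER blob appears to still raise `crypto.Error` to the caller rather than return None. I would document what the code actually does and the inputs: `:param cert_bytes: DER-encoded certificate to verify (crypto.Error if it cannot be parsed)`, a line each for `trusted_certs` and `ignore_self_signed`, and `:return: True if the chain verifies against the store, None if verification fails`. The body of verify_certificate_chain continues outside this hunk, so the exact failure paths should be confirmed against the full function before the docstring claims them.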
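Review bot: `except Exception as e: return None` wraps `store_ctx.verify_certificate()` in a catch-all, so a `crypto.X509StoreContextError` raised by verification can no longer reach the outer `except crypto.X509StoreContextError as e:` visible at the end of this hunk; if that handler is where `ignore_self_signed` is honoured (its body is outside the hunk), self-signed chains would now be reported as invalid regardless of the flag. Failing closed is the right default for a trust decision, but collapsing every error, including programming errors, into None also hides the reason from the caller, and `e` is never used. I would narrow the inner clause to the OpenSSL failure the commit message describes and leave the verification error to the existing handler: `except crypto.Error:` / `return None` (or log `e` before returning), since `X509StoreContextError` is, as far as I can tell, a separate class from `crypto.Error` in pyOpenSSL. The enclosing try/except and the function continue outside this hunk.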
@@ -198,8 +198,7 @@ def verify_certificate_chain(cert_bytes, trusted_certs, ignore_self_signed=True)
         # Verify the certificate, returns None if certificate is not valid
         try:
-            store_ctx.
-            ificate()
+            store_ctx.verify_certificate()
         except Exception as e:
             return None