x509: Properly wrap keyid in authorityKeyIdentifier in attribute certificates
authorTobias Brunner <tobias@strongswan.org>
Thu, 31 Mar 2016 10:14:47 +0000 (12:14 +0200)
committerTobias Brunner <tobias@strongswan.org>
Mon, 6 Jun 2016 11:46:11 +0000 (13:46 +0200)
The correct encoding got lost in bdec2e4f5291 ("refactored openac and
its attribute certificate factory").

Fixes #1370.

src/libstrongswan/plugins/x509/x509_ac.c

index bfc2004..aea8eb5 100644 (file)
@@ -706,6 +706,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this)
                if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &keyIdentifier))
                {
                        this->authKeyIdentifier = chunk_clone(keyIdentifier);
+                       keyIdentifier = asn1_simple_object(ASN1_CONTEXT_S_0, keyIdentifier);
                }
                public->destroy(public);
        }
@@ -716,7 +717,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this)
        return asn1_wrap(ASN1_SEQUENCE, "mm",
                                asn1_build_known_oid(OID_AUTHORITY_KEY_ID),
                                asn1_wrap(ASN1_OCTET_STRING, "m",
-                                       asn1_wrap(ASN1_SEQUENCE, "cmm",
+                                       asn1_wrap(ASN1_SEQUENCE, "mmm",
                                                keyIdentifier,
                                                authorityCertIssuer,
                                                authorityCertSerialNumber