projects / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 93e0898)
x509: Correctly encode nonce in OCSP request
authorTobias Brunner <tobias@strongswan.org>
Fri, 7 Jul 2017 06:53:32 +0000 (08:53 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 7 Jul 2017 06:57:14 +0000 (08:57 +0200)
The nonce value is encoded as OCTET STRING, however, the extension
values themselves must also be encoded as OCTET STRING.

src/libstrongswan/plugins/x509/x509_ocsp_request.c patch | blob | history

diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index e32f8ee..aef76af 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -209,7 +209,8 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this)
        }
        rng->destroy(rng);
        return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
-                               asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
+                               asn1_wrap(ASN1_OCTET_STRING, "m",
+                                       asn1_simple_object(ASN1_OCTET_STRING, this->nonce)));
 }
 
 /**
strongSwan - IPsec VPN