x509: Correctly encode nonce in OCSP request
authorTobias Brunner <tobias@strongswan.org>
Fri, 7 Jul 2017 06:53:32 +0000 (08:53 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 7 Jul 2017 06:57:14 +0000 (08:57 +0200)
The nonce value is encoded as OCTET STRING, however, the extension
values themselves must also be encoded as OCTET STRING.

src/libstrongswan/plugins/x509/x509_ocsp_request.c

index e32f8ee..aef76af 100644 (file)
@@ -209,7 +209,8 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this)
        }
        rng->destroy(rng);
        return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
-                               asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
+                               asn1_wrap(ASN1_OCTET_STRING, "m",
+                                       asn1_simple_object(ASN1_OCTET_STRING, this->nonce)));
 }
 
 /**