revocation: Allow CRLs to be encoded in PEM format
author Tobias Brunner <tobias@strongswan.org>
Wed, 11 Nov 2015 13:26:00 +0000 (14:26 +0100)
committer Tobias Brunner <tobias@strongswan.org>
Thu, 12 Nov 2015 13:40:44 +0000 (14:40 +0100)
Since the textual representation for a CRL is now standardized
in RFC 7468 one could argue that we should accept that too, even
though RFC 5280 explicitly demands CRLs fetched via HTTP/FTP to
be in DER format.  But in particular for file URIs enforcing that
seems inconvenient.

Fixes #1203.

src/libstrongswan/plugins/revocation/revocation_validator.c

index 9fd5b2a..fdcb990 100644 (file)
@@ -367,7 +367,7 @@ static certificate_t* fetch_crl(char *url)
                return NULL;
        }
        crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
-                                                        BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
+                                                        BUILD_BLOB_PEM, chunk, BUILD_END);
        chunk_free(&chunk);
        if (!crl)
        {
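Review bot: The create() call in fetch_crl() now passes only BUILD_BLOB_PEM, and nothing in this hunk shows that DER-encoded CRLs are still parsed, although the commit message says PEM should be accepted "too" and cites RFC 5280's requirement that CRLs fetched via HTTP/FTP be DER. If BUILD_BLOB_PEM is expected to detect and handle plain DER blobs as well, please add a short comment at this call saying so, so the next reader does not take it for a regression in the HTTP/FTP case. It would also help to state whether this makes CRL fetching depend on a PEM-capable builder being available where BUILD_BLOB_ASN1_DER previously sufficed, and to cover both encodings of the same CRL with a test.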