Etusivu Tutki Apua
Rekisteröidy Kirjaudu sisään
publics
/
crypto
0
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Selaa lähdekoodia

ocsp: Remove "explicit" tag from "revokedInfo"

The current implementation is not compliant with the ASN.1 structure
for an OCSP response in RFC 6960. In the RFC, the "revoked" field is
marked "implicit". The "explicit" tag in the current struct causes
the encoder to emit an additional SEQUENCE, which cases some parsers
(notably OpenSSL) to reject OCSP responses as malformed.  This patch
simply removes the "explicit" tag, so that the emitted DER is
compliant with the RFC.

Change-Id: Ifa65a73a8d24f08fe3c2794309df772edc8bb114
Reviewed-on: https://go-review.googlesource.com/13572
Reviewed-by: Adam Langley <agl@golang.org>
Richard Barnes 10 vuotta sitten
vanhempi
83f1503f77
commit
173ce04bfa
1 muutettua tiedostoa jossa 1 lisäystä ja 1 poistoa
Jaettu näkymä Näytä diff tilastot
  1. 1 1
      ocsp/ocsp.go

+ 1 - 1
ocsp/ocsp.go
Näytä tiedosto 

@@ -87,7 +87,7 @@ type responseData struct {
 
 type singleResponse struct {
 
 	CertID     certID
 
 	Good       asn1.Flag   `asn1:"tag:0,optional"`
 
-	Revoked    revokedInfo `asn1:"explicit,tag:1,optional"`
 
+	Revoked    revokedInfo `asn1:"tag:1,optional"`
 
 	Unknown    asn1.Flag   `asn1:"tag:2,optional"`
 
 	ThisUpdate time.Time   `asn1:"generalized"`
 
 	NextUpdate time.Time   `asn1:"generalized,explicit,tag:0,optional"`