diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index d1c82f8e1..1dc9eef9d 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -3081,6 +3081,7 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
 {
     word32 idx = 0;
     int length = 0;
+    byte b;
     word32 oid;
     CYASSL_ENTER("DecodeAuthInfo");
@@ -3088,35 +3089,26 @@ static void DecodeAuthInfo(byte* input, int sz, DecodedCert* cert)
     /* Unwrap the list of AIAs */
     if (GetSequence(input, &idx, &length, sz) < 0) return;
-    /* Unwrap a single AIA */
-    if (GetSequence(input, &idx, &length, sz) < 0) return;
+    while (idx < (word32)sz) {
+        /* Unwrap a single AIA */
+        if (GetSequence(input, &idx, &length, sz) < 0) return;
-    oid = 0;
-    if (GetObjectId(input, &idx, &oid, sz) < 0) return;
+        oid = 0;
+        if (GetObjectId(input, &idx, &oid, sz) < 0) return;
-    /* Only supporting URIs right now. */
-    if (input[idx] == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI))
-    {
-        idx++;
+        /* Only supporting URIs right now. */
+        b = input[idx++];
         if (GetLength(input, &idx, &length, sz) < 0) return;
-        cert->extAuthInfoSz = length;
-        cert->extAuthInfo = input + idx;
+        if (b == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI) &&
+            oid == AIA_OCSP_OID)
+        {
+            cert->extAuthInfoSz = length;
+            cert->extAuthInfo = input + idx;
+            break;
+        }
         idx += length;
     }
-    else
-    {
-        /* Skip anything else. */
-        idx++;
-        if (GetLength(input, &idx, &length, sz) < 0) return;
-        idx += length;
-    }
-
-    if (idx < (word32)sz)
-    {
-        CYASSL_MSG("\tThere are more Authority Information Access records, "
-                   "but we only use first one.");
-    }
     return;
 }
diff --git a/cyassl/ctaocrypt/asn.h b/cyassl/ctaocrypt/asn.h
index 90ba8c7a1..da5c5e0ab 100644
--- a/cyassl/ctaocrypt/asn.h
+++ b/cyassl/ctaocrypt/asn.h
@@ -227,6 +227,11 @@ enum SepHardwareName_Sum {
     HW_NAME_OID = 79 /* 1.3.6.1.5.5.7.8.4 from RFC 4108*/
 };
+enum AuthInfo_Sum {
+    AIA_OCSP_OID = 116, /* 1.3.6.1.5.5.7.48.1 */
+    AIA_CA_ISSUER_OID = 117 /* 1.3.6.1.5.5.7.48.2 */
+};
+
 enum VerifyType {
     NO_VERIFY = 0,
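Review bot: `b = input[idx++];` in the new loop reads `input[idx]` without confirming `idx < (word32)sz` at that point; the `while` condition only holds at the top of the iteration, and the preceding `GetSequence`/`GetObjectId` calls advance `idx`, so a truncated entry whose OID ends exactly at `sz` turns this into a one-byte over-read (the old `if (input[idx] == …)` had the same gap, but it now executes once per AIA entry). Insert `if (idx >= (word32)sz) return;` immediately before that line. The following `idx += length;` is only safe if `GetLength` rejects lengths that run past `sz`, which this hunk does not show — worth confirming against the helper. As a style point, `b` would read better as `tag`, since it holds the GeneralName context tag being compared. The function's declarations are in the previous hunk, so this hunk starts mid-body.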