From bfe8b9b76c292e9a55072f1fc87e1b7152b775d0 Mon Sep 17 00:00:00 2001
From: jordan
Date: Thu, 20 Oct 2022 15:10:36 -0500
Subject: [PATCH 1/2] correct DIST_POINT_NAME type value
---
 src/x509.c | 3 ++-
 tests/api.c | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/x509.c b/src/x509.c
index d3fe112f6..abd9f7368 100644
--- a/src/x509.c
+++ b/src/x509.c
@@ -4118,8 +4118,9 @@ static WOLFSSL_DIST_POINT_NAME* wolfSSL_DIST_POINT_NAME_new(void)
 }
 gns->type = STACK_TYPE_GEN_NAME;
+ /* Setting type to 0 because this is fullname */
 dpn->name.fullname = gns;
- dpn->type = CRL_DIST_OID;
+ dpn->type = 0;
 return dpn;
 }
diff --git a/tests/api.c b/tests/api.c
index 9a0fc101d..7da09501c 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -42524,6 +42524,7 @@ static int test_wolfSSL_sk_DIST_POINT(void)
 int bytes, i, j;
 XFILE f;
 DIST_POINT* dp;
+ DIST_POINT_NAME* dpn;
 GENERAL_NAME* gn;
 ASN1_IA5STRING* uri;
 STACK_OF(DIST_POINT)* dps;
@@ -42546,6 +42547,10 @@ static int test_wolfSSL_sk_DIST_POINT(void)
 AssertIntEQ(sk_DIST_POINT_num(dps), 1);
 for (i = 0; i < sk_DIST_POINT_num(dps); i++) {
 AssertNotNull(dp = sk_DIST_POINT_value(dps, i));
+ AssertNotNull(dpn = dp->distpoint);
+
+ /* this should be type 0, fullname */
+ AssertIntEQ(dpn->type, 0);
 gns = dp->distpoint->name.fullname;
 AssertNotNull(gns);
From e409acc0f7582573318bee47cc7ac5edcebbfb31 Mon Sep 17 00:00:00 2001
From: jordan
Date: Fri, 21 Oct 2022 12:38:04 -0500
Subject: [PATCH 2/2] cite RFC 5280 in DIST_POINT_NAME comment
---
 src/x509.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/x509.c b/src/x509.c
index abd9f7368..ba695ef4b 100644
--- a/src/x509.c
+++ b/src/x509.c
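Review bot: Any existing reader that still compares `dpn->type` with `CRL_DIST_OID` stops matching once `wolfSSL_DIST_POINT_NAME_new` stores `0` at `dpn->type = 0;`, and this patch updates no reader of the field. Nothing visible here shows whether such a comparison exists, so a search for uses of the `type` member of WOLFSSL_DIST_POINT_NAME is worth doing before merge; a missed one would make the CRL distribution point look absent to that caller. The bare `0` (repeated in `AssertIntEQ(dpn->type, 0)` in tests/api.c) would also be clearer as a named constant, for example `dpn->type = DPN_TYPE_FULLNAME; /* placeholder name, value 0 */`, because callers use it to decide which member of `name` is valid. The function body starts above the hunk.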
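Review bot: In the second tests/api.c hunk the line right after the new assertions still reads `dp->distpoint->name.fullname`, although the pointer has just been null-checked and stored in `dpn`; `gns = dpn->name.fullname;` would keep the type check and the union access on the same object. The test exercises only the fullname case, so a distribution point that carries a relative name is not covered by this change. The loop body and the rest of test_wolfSSL_sk_DIST_POINT continue outside the hunk.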
@@ -4118,7 +4118,8 @@ static WOLFSSL_DIST_POINT_NAME* wolfSSL_DIST_POINT_NAME_new(void)
 }
 gns->type = STACK_TYPE_GEN_NAME;
- /* Setting type to 0 because this is fullname */
+ /* DIST_POINT_NAME type may be 0 or 1, indicating whether fullname or
+ * relativename is used. See: RFC 5280 section 4.2.1.13 */
 dpn->name.fullname = gns;
 dpn->type = 0;
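Review bot: The new comment above `dpn->name.fullname = gns;` no longer says which value selects which member, which the comment it replaces did state for 0. A reader has to open the RFC to learn that 0 is the fullname choice and 1 the relative name, and that mapping decides which union member is safe to read. I would word it as `/* DIST_POINT_NAME type: 0 = fullname, 1 = relativename (RFC 5280 section 4.2.1.13).` followed by ` * This constructor only ever populates fullname, hence 0. */`. The function body starts above the hunk.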