fixes ocsp nonce extension decoding;
enables use of ocsp nonce extension in the client example.
@ -905,7 +905,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
| WOLFSSL_OCSP_URL_OVERRIDE);
|
| WOLFSSL_OCSP_URL_OVERRIDE);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
|
wolfSSL_CTX_EnableOCSP(ctx, 0);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -1007,7 +1007,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
|
|||||||
WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS)
|
WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS)
|
||||||
err_sys("UseCertificateStatusRequest failed");
|
err_sys("UseCertificateStatusRequest failed");
|
||||||
|
|
||||||
wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
|
wolfSSL_CTX_EnableOCSP(ctx, 0);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
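Review bot: The return value of `wolfSSL_CTX_EnableOCSP(ctx, 0)` is discarded at both changed call sites in client_test (the `else` branch in the -905 hunk and the call after UseCertificateStatusRequest in the -1007 hunk), so if enabling OCSP fails the example carries on without revocation checking and without a message. The neighbouring UseCertificateStatusRequest call is already compared with SSL_SUCCESS, and the same pattern fits here: `if (wolfSSL_CTX_EnableOCSP(ctx, 0) != SSL_SUCCESS) err_sys("EnableOCSP failed");`. Since the bare `0` replaces a named flag, a short comment such as `/* no options: OCSP request carries a nonce */` would keep the intent readable. client_test starts and ends outside both hunks.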
|
@ -8579,6 +8579,17 @@ static int DecodeOcspRespExtensions(byte* source,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (oid == OCSP_NONCE_OID) {
|
if (oid == OCSP_NONCE_OID) {
|
||||||
|
/* get data inside extra OCTET_STRING */
|
||||||
|
if (source[idx++] != ASN_OCTET_STRING) {
|
||||||
|
WOLFSSL_MSG("\tfail: should be an OCTET STRING");
|
||||||
|
return ASN_PARSE_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (GetLength(source, &idx, &length, sz) < 0) {
|
||||||
|
WOLFSSL_MSG("\tfail: extension data length");
|
||||||
|
return ASN_PARSE_E;
|
||||||
|
}
|
||||||
|
|
||||||
resp->nonce = source + idx;
|
resp->nonce = source + idx;
|
||||||
resp->nonceSz = length;
|
resp->nonceSz = length;
|
||||||
}
|
}
|
||||||
|
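Review bot: The new tag check reads `source[idx++]` with no visible test that `idx` is still below `sz`, so an extension whose value is empty or truncated could make the decoder read one byte past the input; `if (idx >= sz || source[idx++] != ASN_OCTET_STRING)` closes that. The inner `GetLength` call is bounded by `sz`, the size of the whole buffer, rather than by the end of the enclosing extension value, so a nonce length that overruns its own extension but still fits in the buffer appears to be accepted; comparing `idx + length` with the end of the outer OCTET STRING would reject it, assuming the outer length is still available at this point. `resp->nonce` then points into `source`, which is worth stating in a comment because the nonce is only valid while that buffer is. DecodeOcspRespExtensions starts and ends outside the hunk.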