
Encode OCSP nonce value as an octet string (RFC 6960)
eb7833b8720c (Unpublished)

Not On Permanent Ref: This commit is not an ancestor of any permanent ref.

Description

Encode OCSP nonce value as an octet string (RFC 6960)

* src/ocsp.c (ksba_ocsp_set_nonce): Stop removing the sign bit.
 (write_request_extensions): Encode nonce as octet string.
 (parse_response_extensions): Decode nonce as octet string.

The type of nonce value was not specified back in RFC 2560, but RFC
6960 has clarified the situation by requiring an octet string. This
is also what OpenSSL does since 0.9.7d. Doing the same improves
interoperability with some responders (and Wireshark packet dissectors).

  • Signed-off-by: Tomáš Trnka <tomastrnka@gmx.com>
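
The encoding the commit message refers to, as an added illustration (not code from this commit or from libksba): RFC 6960 defines `Nonce ::= OCTET STRING`, and its DER encoding is what goes inside the extension's `extnValue`. The function names and the 32-byte limit are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* DER encoding of id-pkix-ocsp-nonce, OID 1.3.6.1.5.5.7.48.1.2. */
static const unsigned char NONCE_OID[] =
  { 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02 };

#define MAX_NONCE 32  /* example limit; keeps every DER length in short form */

/* Write Extension ::= SEQUENCE { extnID, extnValue OCTET STRING } where
   extnValue wraps the DER of Nonce ::= OCTET STRING (RFC 6960).
   Returns the number of bytes written, or 0 on error. */
size_t
encode_nonce_ext (const unsigned char *nonce, size_t n,
                  unsigned char *out, size_t outlen)
{
  size_t inner = 2 + n;                        /* 04 len nonce */
  size_t body = sizeof NONCE_OID + 2 + inner;  /* OID + 04 len + inner */
  unsigned char *p = out;

  if (!n || n > MAX_NONCE || outlen < 2 + body)
    return 0;
  *p++ = 0x30; *p++ = (unsigned char)body;     /* SEQUENCE */
  memcpy (p, NONCE_OID, sizeof NONCE_OID); p += sizeof NONCE_OID;
  *p++ = 0x04; *p++ = (unsigned char)inner;    /* extnValue wrapper */
  *p++ = 0x04; *p++ = (unsigned char)n;        /* the nonce itself */
  memcpy (p, nonce, n);                        /* bytes copied unmodified */
  return 2 + body;
}

/* Given the contents of extnValue, return 1 and set *nonce / *n if they are
   exactly one short-form DER OCTET STRING; return 0 for anything else
   (for example a value that was not encoded as an octet string). */
int
decode_nonce_value (const unsigned char *v, size_t len,
                    const unsigned char **nonce, size_t *n)
{
  if (len < 3 || v[0] != 0x04 || (v[1] & 0x80) || (size_t)v[1] != len - 2)
    return 0;
  *nonce = v + 2;
  *n = v[1];
  return 1;
}
```

Because the nonce is carried as an octet string, a first byte with the high bit set needs no special handling and round-trips byte for byte.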

Details

Provenance
tootea: Authored on Jul 3 2016, 9:27 PM
werner: Committed on Jul 17 2016, 9:20 AM
Parents
rKee203f948a65: build: Update config.{guess,sub} to {2016-05-15,2016-06-20}.
Branches
Unknown
Tags
Unknown

Event Timeline

Werner Koch <wk@gnupg.org> committed rKeb7833b8720c: Encode OCSP nonce value as an octet string (RFC 6960) (authored by Tomáš Trnka <tomastrnka@gmx.com>). Jul 17 2016, 9:20 AM