From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 31 Mar 2016 10:14:47 +0000 (+0200)
Subject: x509: Properly wrap keyid in authorityKeyIdentifier in attribute certificates
X-Git-Tag: 5.5.0dr1~48
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9aaea4dbfe253f2d8f55252fa8ce43bf160256dc;p=thirdparty%2Fstrongswan.git

x509: Properly wrap keyid in authorityKeyIdentifier in attribute certificates

The correct encoding got lost in bdec2e4f5291 ("refactored openac and
its attribute certificate factory").

Fixes #1370.
---

diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c
index bfc200421c..aea8eb53db 100644
--- a/src/libstrongswan/plugins/x509/x509_ac.c
+++ b/src/libstrongswan/plugins/x509/x509_ac.c
@@ -706,6 +706,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this)
 		if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &keyIdentifier))
 		{
 			this->authKeyIdentifier = chunk_clone(keyIdentifier);
+			keyIdentifier = asn1_simple_object(ASN1_CONTEXT_S_0, keyIdentifier);
 		}
 		public->destroy(public);
 	}
@@ -716,7 +717,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this)
 	return asn1_wrap(ASN1_SEQUENCE, "mm",
 				asn1_build_known_oid(OID_AUTHORITY_KEY_ID),
 				asn1_wrap(ASN1_OCTET_STRING, "m",
-					asn1_wrap(ASN1_SEQUENCE, "cmm",
+					asn1_wrap(ASN1_SEQUENCE, "mmm",
 						keyIdentifier,
 						authorityCertIssuer,
 						authorityCertSerialNumber