From: Martin Willi <martin@revosec.ch>
Date: Wed, 26 May 2010 14:09:50 +0000 (+0200)
Subject: Unwrap subjectKeyIdentifier from OCTET_STRING
X-Git-Tag: 4.4.1~216
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f00a1015904c3718fa6a186d3e5a9b209227d76e;p=thirdparty%2Fstrongswan.git

Unwrap subjectKeyIdentifier from OCTET_STRING
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index 4515105840..05b3c63ecb 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -666,10 +666,18 @@ static bool parse_authKeyIdentifier_ext(private_openssl_x509_t *this,
 static bool parse_subjectKeyIdentifier_ext(private_openssl_x509_t *this,
 										   X509_EXTENSION *ext)
 {
-	free(this->subjectKeyIdentifier.ptr);
-	this->subjectKeyIdentifier = chunk_clone(openssl_asn1_str2chunk(
-												X509_EXTENSION_get_data(ext)));
-	return TRUE;
+	chunk_t ostr;
+
+	ostr = openssl_asn1_str2chunk(X509_EXTENSION_get_data(ext));
+	/* quick and dirty unwrap of octet string */
+	if (ostr.len > 2 &&
+		ostr.ptr[0] == V_ASN1_OCTET_STRING && ostr.ptr[1] == ostr.len - 2)
+	{
+		free(this->subjectKeyIdentifier.ptr);
+		this->subjectKeyIdentifier = chunk_clone(chunk_skip(ostr, 2));
+		return TRUE;
+	}
+	return FALSE;
 }
 
 /**