From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 7 Jul 2017 06:53:32 +0000 (+0200)
Subject: x509: Correctly encode nonce in OCSP request
X-Git-Tag: 5.6.0dr1~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d7dc677ee5727617d8c8fc43754786527717a884;p=thirdparty%2Fstrongswan.git

x509: Correctly encode nonce in OCSP request

The nonce value is encoded as OCTET STRING, however, the extension
values themselves must also be encoded as OCTET STRING.
---

diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index e32f8eefe2..aef76af326 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -209,7 +209,8 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this)
 	}
 	rng->destroy(rng);
 	return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
-				asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
+				asn1_wrap(ASN1_OCTET_STRING, "m",
+					asn1_simple_object(ASN1_OCTET_STRING, this->nonce)));
 }
 
 /**