x509: Omit empty sequences of policyQualifiers.
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Fri, 14 May 2021 21:57:54 +0000 (17:57 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Mon, 17 May 2021 16:09:18 +0000 (12:09 -0400)
When a certificate has a policy attached but no policyQualifiers,
`certtool` should omit the policyQualifiers sequence entirely, rather
than emitting an empty sequence.

Closes: #1238
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
lib/x509/x509_ext.c

index df2eadd3b4f71e01d29e457b6024940c58f9c2d7..62cf02ce0679c502afcd1175d9f9d22dd73a352c 100644 (file)
@@ -2161,6 +2161,16 @@ int gnutls_x509_ext_export_policies(gnutls_x509_policies_t policies,
                        goto cleanup;
                }
 
+                if (policies->policy[j].qualifiers == 0) {
+                        /* remove the optional policyQualifiers if none are present. */
+                        result = asn1_write_value(c2, "?LAST.policyQualifiers", NULL, 0); 
+                        if (result != ASN1_SUCCESS) {
+                                gnutls_assert();
+                                result = _gnutls_asn2err(result);
+                                goto cleanup;
+                        }
+                }
+
                for (i = 0;
                     i < MIN(policies->policy[j].qualifiers,
                             GNUTLS_MAX_QUALIFIERS); i++) {
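Review bot: The comment on the new `qualifiers == 0` branch says what is removed but not why: RFC 5280 defines policyQualifiers as `SEQUENCE SIZE (1..MAX) OF PolicyQualifierInfo OPTIONAL`, so an empty sequence is not a valid encoding and strict certificate parsers may reject it. I would state that in the comment, e.g. `/* RFC 5280: policyQualifiers is SIZE (1..MAX) OPTIONAL; delete the element instead of encoding an empty SEQUENCE. */`, so a later refactor does not reintroduce the empty form. The `asn1_write_value(...)` line also ends with a trailing space after the `;`. No test change is visible on this page; if none accompanies the commit, a round-trip case that exports a policy with zero qualifiers and re-imports the resulting DER would pin the behaviour. The body of gnutls_x509_ext_export_policies starts and ends outside the hunk.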