output the complete path to the trusted root during certificate
chain verification (#1012)
+** libgnutls: OIDs exposed as gnutls_datum_t no longer account for the
+ terminating null bytes, while the data field is null terminated.
+ The affected API functions are: gnutls_ocsp_req_get_extension,
+ gnutls_ocsp_resp_get_response, and gnutls_ocsp_resp_get_extension
+ (#805).
+
** API and ABI modifications:
gnutls_x509_trust_list_set_getissuer_function: Added
gnutls_x509_trust_list_get_ptr: Added
}
if (etype == ASN1_ETYPE_BIT_STRING) {
- len = (len + 7)/8;
+ len = (len + 7) / 8;
}
tmp = gnutls_malloc((size_t) len + 1);
goto cleanup;
}
- if (etype == ASN1_ETYPE_BIT_STRING) {
- ret->size = (len+7) / 8;
- } else {
+ switch (etype) {
+ case ASN1_ETYPE_BIT_STRING:
+ ret->size = (len + 7) / 8;
+ break;
+ case ASN1_ETYPE_OBJECT_ID:
+ if (len > 0) {
+ ret->size = len - 1;
+ } else {
+ result = gnutls_assert_val(GNUTLS_E_ASN1_DER_ERROR);
+ goto cleanup;
+ }
+ break;
+ default:
ret->size = (unsigned) len;
+ break;
}
} else {
ret->size = 0;
}
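Review bot: The new ASN1_ETYPE_OBJECT_ID case assigns `ret->size = len - 1;` while the default case right below it uses the explicit `(unsigned) len` conversion; keeping the same form, `ret->size = (unsigned) (len - 1);`, makes the signed-to-unsigned narrowing visible at both sites and silences the mixed-sign warnings the default case was presumably written to avoid. The `len > 0` guard is the right place to reject a malformed value, since with a null-terminated OID string the decoded length should never be zero and the subtraction would otherwise wrap; a one-line comment such as `/* len includes the terminating null written into tmp; size excludes it (#805) */` would make that invariant, and the contract stated in the NEWS entry, explicit at the point where it is enforced. The enclosing function starts and ends outside this hunk, so whether the terminator is actually written into `tmp` (allocated with `len + 1`) cannot be confirmed from the visible lines.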
#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"
- if (resp->response_type_oid.size == sizeof(OCSP_BASIC)
+ if (resp->response_type_oid.size == sizeof(OCSP_BASIC) - 1
&& memcmp(resp->response_type_oid.data, OCSP_BASIC,
resp->response_type_oid.size) == 0) {
* The caller needs to deallocate memory by calling gnutls_free() on
* @oid->data and @data->data.
*
+ * Since 3.7.0 @oid->size does not account for the terminating null byte.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error code is returned. If you have reached the last
* extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
* Otherwise gnutls_ocsp_resp_import() will decode the basic OCSP
* response part and the caller need not worry about that aspect.
*
+ * Since 3.7.0 @response_type_oid->size does not account for the terminating
+ * null byte.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
* The caller needs to deallocate memory by calling gnutls_free() on
* @oid->data and @data->data.
*
+ * Since 3.7.0 @oid->size does not account for the terminating null byte.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error code is returned. If you have reached the last
* extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
if (indx == 0)
adds(str, "\tExtensions:\n");
- if (oid.size == sizeof(GNUTLS_OCSP_NONCE) &&
+ if (oid.size == sizeof(GNUTLS_OCSP_NONCE) - 1 &&
memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
gnutls_datum_t nonce;
unsigned int ncrit;
adds(str, "\tResponse Type: ");
#define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"
- if (oid.size == sizeof(OCSP_BASIC)
+ if (oid.size == sizeof(OCSP_BASIC) - 1
&& memcmp(oid.data, OCSP_BASIC, oid.size) == 0) {
adds(str, "Basic OCSP Response\n");
gnutls_free(oid.data);
continue;
}
- if (oid.size == sizeof(GNUTLS_OCSP_NONCE) &&
+ if (oid.size == sizeof(GNUTLS_OCSP_NONCE) - 1 &&
memcmp(oid.data, GNUTLS_OCSP_NONCE, oid.size) == 0) {
gnutls_datum_t nonce;
unsigned int ncrit;
return ret;
}
- if (type == GNUTLS_SAN_REGISTERED_ID && tmp.size > 0) {
- /* see #805; OIDs contain the null termination byte */
- assert(tmp.data[tmp.size-1] == 0);
- tmp.size--;
- }
-
/* _gnutls_x509_read_value() null terminates */
dname->size = tmp.size;
dname->data = tmp.data;