From: Christos Tsantilas Date: Thu, 30 Oct 2014 15:02:39 +0000 (-0700) Subject: Bug 4102: sslbump cert contains only a dot character in key usage extension X-Git-Tag: SQUID_3_4_9~4 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=d4a07e9928b9ac5dd50953929ff641c3eb7807fb;p=thirdparty%2Fsquid.git Bug 4102: sslbump cert contains only a dot character in key usage extension The patch for bug 3966 was slightly incorrect. As a result the Key Usage field for SSL-bump mimic'ed certificates could end up containing only a dot (.) character.
---
diff --git a/src/ssl/gadgets.cc b/src/ssl/gadgets.cc
index 17b6c37198..1c8f2acf21 100644
--- a/src/ssl/gadgets.cc
+++ b/src/ssl/gadgets.cc
@@ -297,7 +297,21 @@ mimicExtensions(Ssl::X509_Pointer & cert, Ssl::X509_Pointer const & mimicCert)
 if ((ext = X509_get_ext(cert.get(), p)) != NULL) {
 ASN1_BIT_STRING *keyusage = (ASN1_BIT_STRING *)X509V3_EXT_d2i(ext);
 ASN1_BIT_STRING_set_bit(keyusage, KeyEncipherment, 1);
- X509_EXTENSION_set_data( ext, (ASN1_OCTET_STRING*)keyusage );
+
+ //Build the ASN1_OCTET_STRING
+ const X509V3_EXT_METHOD *method = X509V3_EXT_get(ext);
+ assert(method && method->it);
+ unsigned char *ext_der = NULL;
+ int ext_len = ASN1_item_i2d((ASN1_VALUE *)keyusage,
+ &ext_der,
+ (const ASN1_ITEM *)ASN1_ITEM_ptr(method->it));
+
+ ASN1_OCTET_STRING *ext_oct = M_ASN1_OCTET_STRING_new();
+ ext_oct->data = ext_der;
+ ext_oct->length = ext_len;
+ X509_EXTENSION_set_data(ext, ext_oct);
+
+ M_ASN1_OCTET_STRING_free(ext_oct);
 ASN1_BIT_STRING_free(keyusage);
 }
 }
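Review bot: The result of `ASN1_item_i2d()` is used unchecked in the added block: on an encoding failure `ext_len` is not positive and `ext_der` may still be NULL, yet both are stored into `ext_oct` and passed to `X509_EXTENSION_set_data()`, whose own return value is also ignored. `M_ASN1_OCTET_STRING_new()` can likewise return NULL, which the following `ext_oct->data = ext_der;` would dereference. Because this path builds the key usage extension of the certificate presented to bumped clients, I would guard the encoding with `if (ext_len > 0 && ext_der != NULL)` and the allocation with `if (ext_oct != NULL)`, leaving the existing extension untouched and releasing `ext_der` with `OPENSSL_free()` when either fails. The `keyusage` pointer returned by `X509V3_EXT_d2i()` in the context lines is not NULL-checked before `ASN1_BIT_STRING_set_bit()` either. mimicExtensions starts and ends outside this hunk, so how it reports such failures to its caller cannot be judged from here.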