Tolerate DER time encoding errors

It seems that openssl generated certificates may contain invalid formatted times, and gnutls will no longer parse them. Ignore such formatting errors when DER decoding. We should reconsider this in the future (#207) Resolves #196 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

Tolerate DER time encoding errors
It seems that openssl generated certificates may contain invalid formatted times, and gnutls will no longer parse them. Ignore such formatting errors when DER decoding. We should reconsider this in the future (#207) Resolves #196 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
8e7bc8fe · Nikos Mavrogiannopoulos · 5faeef3c · 8e7bc8fe
Commit 8e7bc8fe authored May 29, 2017 by Nikos Mavrogiannopoulos
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -262,7 +262,12 @@ int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr);
 inline static int _asn1_strict_der_decode (asn1_node * element, const void *ider,
 		       int len, char *errorDescription)
 {
-	return asn1_der_decoding2(element, ider, &len, ASN1_DECODE_FLAG_STRICT_DER, errorDescription);
+#ifdef ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME
+# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME|ASN1_DECODE_FLAG_STRICT_DER
+#else
+# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_STRICT_DER
+#endif
+	return asn1_der_decoding2(element, ider, &len, _ASN1_DER_FLAGS, errorDescription);
 }

 #endif