Commit 8e7bc8fe authored by Nikos Mavrogiannopoulos's avatar Nikos Mavrogiannopoulos
Browse files

Tolerate DER time encoding errors

It seems that openssl generated certificates may contain invalid
formatted times, and gnutls will no longer parse them. Ignore such
formatting errors when DER decoding.

We should reconsider this in the future (#207)

Resolves #196

Signed-off-by: Nikos Mavrogiannopoulos's avatarNikos Mavrogiannopoulos <nmav@redhat.com>
parent 5faeef3c
......@@ -262,7 +262,12 @@ int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr);
inline static int _asn1_strict_der_decode (asn1_node * element, const void *ider,
int len, char *errorDescription)
{
return asn1_der_decoding2(element, ider, &len, ASN1_DECODE_FLAG_STRICT_DER, errorDescription);
#ifdef ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME
# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME|ASN1_DECODE_FLAG_STRICT_DER
#else
# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_STRICT_DER
#endif
return asn1_der_decoding2(element, ider, &len, _ASN1_DER_FLAGS, errorDescription);
}
#endif
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment