pki: Don't remove zero bytes in CRL serials anymore
This was added a few years ago because pki --signcrl once encoded serials incorrectly as eight byte blobs. But still ensure we can handle overflows in case the serial is encoded incorrectly without zero-prefix.
parent
49d9266c31
commit
790847d17c
|
@ -376,14 +376,15 @@ static int sign_crl()
|
|||
lastenum = enumerator_create_empty();
|
||||
}
|
||||
|
||||
/* remove superfluous leading zeros */
|
||||
while (crl_serial.len > 1 && crl_serial.ptr[0] == 0x00 &&
|
||||
(crl_serial.ptr[1] & 0x80) == 0x00)
|
||||
{
|
||||
crl_serial = chunk_skip_zero(crl_serial);
|
||||
if (!crl_serial.len || crl_serial.ptr[0] & 0x80)
|
||||
{ /* add leading 0x00 to handle potential overflow if serial is encoded
|
||||
* incorrectly */
|
||||
crl_serial = chunk_cat("cc", chunk_from_chars(0x00), crl_serial);
|
||||
}
|
||||
else
|
||||
{
|
||||
crl_serial = chunk_clone(crl_serial);
|
||||
}
|
||||
crl_serial = chunk_clone(crl_serial);
|
||||
|
||||
/* increment the serial number by one */
|
||||
chunk_increment(crl_serial);
|
||||
|
||||
|
|
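Review bot: The 0x00 prefix added in the new `if` branch only covers serials whose top bit is already set; in the `else` branch a cloned serial such as 0x7f 0xff (constructed example) becomes 0x80 0x00 after `chunk_increment(crl_serial)`, so the top bit ends up set with no prefix. Whether that is written out as a negative INTEGER depends on the encoder that later consumes crl_serial, which is not visible here. If the encoder pads, record that next to the increment, e.g. `/* a carry into the top bit is left to the INTEGER encoder */`; if it does not, the prefix condition needs to cover this case too. Since leading zeros are no longer trimmed, an over-long serial read from the previous CRL is also carried forward at its stored length, so a length bound before the increment may be worth adding. sign_crl() starts and ends outside the hunk.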