From d7dc677ee5727617d8c8fc43754786527717a884 Mon Sep 17 00:00:00 2001
From: Tobias Brunner
Date: Fri, 7 Jul 2017 08:53:32 +0200
Subject: [PATCH] x509: Correctly encode nonce in OCSP request The nonce value is encoded as OCTET STRING, however, the extension values themselves must also be encoded as OCTET STRING.
---
 src/libstrongswan/plugins/x509/x509_ocsp_request.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_request.c b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
index e32f8eefe..aef76af32 100644
--- a/src/libstrongswan/plugins/x509/x509_ocsp_request.c
+++ b/src/libstrongswan/plugins/x509/x509_ocsp_request.c
@@ -209,7 +209,8 @@ static chunk_t build_nonce(private_x509_ocsp_request_t *this)
 }
 rng->destroy(rng);
 return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_nonce_oid,
- asn1_simple_object(ASN1_OCTET_STRING, this->nonce));
+ asn1_wrap(ASN1_OCTET_STRING, "m",
+ asn1_simple_object(ASN1_OCTET_STRING, this->nonce)));
 }

 /**
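Review bot: The nested `asn1_wrap(ASN1_OCTET_STRING, "m", asn1_simple_object(ASN1_OCTET_STRING, this->nonce))` in the return statement reads like an accidental double wrap and invites a later "simplification" that would reintroduce the encoding bug. A one-line comment above the return would pin the intent, e.g. `/* extnValue is an OCTET STRING containing the DER-encoded Nonce, itself an OCTET STRING */`. Only this file changes in the commit, so it is worth confirming that the code comparing the nonce echoed in the OCSP response strips the same two layers; that comparison is what gives the request its replay protection, and it is not visible here. build_nonce begins above the hunk, so the RNG allocation and its failure path cannot be reviewed from these lines.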