authorlloyd <[email protected]>2012-04-16 21:16:28 +0000
committerlloyd <[email protected]>2012-04-16 21:16:28 +0000
commitc6fd2a39dfc9f488e25a63698a86a928afae3dc7 (patch)
treee9b542815b20bc28feb09d3e28bf57ff1e19f3f1
parentb224e899c8846f17a36dc41c53dd94ba037ada79 (diff)
The encoding of Certificate Request messages was wrong: each DER
encoded CA DN has a length field, but the entire block of DNs also has one. This caused decoding errors if we requested a certificate and sent one or more DNs to request particular CAs. The decoding side had it correct.
-rw-r--r--src/tls/cert_req.cpp10
1 files changed, 6 insertions, 4 deletions
diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp
index df70cc43d..1b686c1c4 100644
--- a/src/tls/cert_req.cpp
+++ b/src/tls/cert_req.cpp
@@ -122,7 +122,7 @@ Certificate_Req::Certificate_Req(const MemoryRegion<byte>& buf,
m_supported_algos.push_back(std::make_pair("SHA-1", "ECDSA"));
}
- u16bit purported_size = reader.get_u16bit();
+ const u16bit purported_size = reader.get_u16bit();
if(reader.remaining_bytes() != purported_size)
throw Decoding_Error("Inconsistent length in certificate request");
@@ -153,18 +153,20 @@ MemoryVector<byte> Certificate_Req::serialize() const
append_tls_length_value(buf, cert_types, 1);
if(!m_supported_algos.empty())
- {
buf += Signature_Algorithms(m_supported_algos).serialize();
- }
+
+ MemoryVector<byte> encoded_names;
for(size_t i = 0; i != names.size(); ++i)
{
DER_Encoder encoder;
encoder.encode(names[i]);
- append_tls_length_value(buf, encoder.get_contents(), 2);
+ append_tls_length_value(encoded_names, encoder.get_contents(), 2);
}
+ append_tls_length_value(buf, encoded_names, 2);
+
return buf;
}
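Review bot: The outer `append_tls_length_value(buf, encoded_names, 2)` writes a 16-bit length, so the combined size of all DER-encoded names plus their 2-byte prefixes must not exceed 65535 bytes, and nothing in this hunk checks that before the call. Whether `append_tls_length_value` itself rejects an oversize buffer is not visible here; if it does not, a long CA list would be sent with a wrapped length that the receiving side's `remaining_bytes() != purported_size` check should reject, turning a configuration problem into a handshake failure on the peer. I would add a guard before the outer call, for example `if(encoded_names.size() > 65535) throw Encoding_Error("Certificate request CA list too long");`, and a comment above the loop such as `// certificate_authorities: 2-byte total length, then each DN as 2-byte length + DER`. A serialize-then-decode round-trip test with zero, one and several names would pin the wire format, including the empty case, which now emits a zero length. serialize() begins before this hunk, so the earlier part of the body is not reviewed here.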