author | lloyd <[email protected]> | 2012-04-16 21:16:28 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-04-16 21:16:28 +0000 |
commit | c6fd2a39dfc9f488e25a63698a86a928afae3dc7 (patch) | |
tree | e9b542815b20bc28feb09d3e28bf57ff1e19f3f1 | |
parent | b224e899c8846f17a36dc41c53dd94ba037ada79 (diff) |
The encoding of Certificate Request messages was wrong, each DER
encoded CA DN has a length field but also the entire block has one.
This caused decoding errors if we requested a certificate and sent one
or more DNs to request particular CAs. The decoding side had it correct.
-rw-r--r-- | src/tls/cert_req.cpp | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp index df70cc43d..1b686c1c4 100644 --- a/src/tls/cert_req.cpp +++ b/src/tls/cert_req.cpp @@ -122,7 +122,7 @@ Certificate_Req::Certificate_Req(const MemoryRegion<byte>& buf, m_supported_algos.push_back(std::make_pair("SHA-1", "ECDSA")); } - u16bit purported_size = reader.get_u16bit(); + const u16bit purported_size = reader.get_u16bit(); if(reader.remaining_bytes() != purported_size) throw Decoding_Error("Inconsistent length in certificate request"); @@ -153,18 +153,20 @@ MemoryVector<byte> Certificate_Req::serialize() const append_tls_length_value(buf, cert_types, 1); if(!m_supported_algos.empty()) - { buf += Signature_Algorithms(m_supported_algos).serialize(); - } + + MemoryVector<byte> encoded_names; for(size_t i = 0; i != names.size(); ++i) { DER_Encoder encoder; encoder.encode(names[i]); - append_tls_length_value(buf, encoder.get_contents(), 2); + append_tls_length_value(encoded_names, encoder.get_contents(), 2); } + append_tls_length_value(buf, encoded_names, 2); + return buf; } |
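Review bot: In the second hunk, the new outer `append_tls_length_value(buf, encoded_names, 2)` in `serialize()` means the combined size of all DER-encoded DNs must now fit the list's length prefix (two bytes, if the trailing `2` is the prefix width), and the hunk does not show whether the helper rejects an oversized buffer or silently truncates the length. If the helper does not already enforce that, an explicit size check before the final append would stop a large CA list from producing a message whose length prefix disagrees with its body. A short comment at the `encoded_names` declaration would record the layout being fixed, e.g. `// certificate_authorities: each DER DN carries its own 2-byte length, and the whole list is wrapped in another (RFC 5246 7.4.4)`. Since the commit message says the decoder was already correct, a serialize-then-parse round trip with one or more names would have caught this and is worth adding as a regression test. The body of `serialize()` starts outside the hunk, so how `names` is populated is not visible here.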