From 28b987aec9474e8c0cf1cc12273018edf3a1eca1 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 13 Nov 2006 13:21:47 +0000 Subject: [PATCH] Don't assume requestorName is present for signed requests. ASN1 OCSP module fix: certs field is OPTIONAL. --- crypto/ocsp/ocsp_asn.c | 2 +- crypto/ocsp/ocsp_vfy.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c index 6a3a360d5..39b7a1c56 100644 --- a/crypto/ocsp/ocsp_asn.c +++ b/crypto/ocsp/ocsp_asn.c @@ -62,7 +62,7 @@ ASN1_SEQUENCE(OCSP_SIGNATURE) = { ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), - ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0) + ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) } ASN1_SEQUENCE_END(OCSP_SIGNATURE) IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 3d58dfb06..23ea41c84 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -367,7 +367,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *st return 0; } gen = req->tbsRequest->requestorName; - if (gen->type != GEN_DIRNAME) + if (!gen || gen->type != GEN_DIRNAME) { OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); return 0;