fixes ocsp nonce extension decoding;

enables use of ocsp nonce extension in the client example.
2015-11-05 11:36:11 -03:00 · 2015-11-05 11:36:11 -03:00 · dccbc1cdd4
commit dccbc1cdd4
parent 62210186c7
2 changed files with 13 additions and 2 deletions
--- a/examples/client/client.c
+++ b/examples/client/client.c
@ -905,7 +905,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                                                    | WOLFSSL_OCSP_URL_OVERRIDE);
        }
        else
-            wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
+            wolfSSL_CTX_EnableOCSP(ctx, 0);
    }
 #endif

@ -1007,7 +1007,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
                                     WOLFSSL_CSR_OCSP_USE_NONCE) != SSL_SUCCESS)
            err_sys("UseCertificateStatusRequest failed");

-        wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE);
+        wolfSSL_CTX_EnableOCSP(ctx, 0);
    }
 #endif

--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -8579,6 +8579,17 @@ static int DecodeOcspRespExtensions(byte* source,
        }

        if (oid == OCSP_NONCE_OID) {
+            /* get data inside extra OCTET_STRING */
+            if (source[idx++] != ASN_OCTET_STRING) {
+                WOLFSSL_MSG("\tfail: should be an OCTET STRING");
+                return ASN_PARSE_E;
+            }
+
+            if (GetLength(source, &idx, &length, sz) < 0) {
+                WOLFSSL_MSG("\tfail: extension data length");
+                return ASN_PARSE_E;
+            }
+            
            resp->nonce = source + idx;
            resp->nonceSz = length;
        }