One of the design goals of ASN.1 DER is to provide a canonical serialization of a data structure, thereby allowing for equality of values to be tested by simply comparing the serialized bytes.

Some OCSP servers will modify the request certID to omit the optional (and null) "parameters" portion of the hashAlgorithm. This is arguably legal but breaks the ability to perform a straightforward bitwise comparison on the entire certID field between request and response.

Fix by comparing the OID-identified hashAlgorithm separately from the remaining certID fields.

Originally-fixed-by: Thilo Fromm <Thilo@kinvolk.io>
Signed-off-by: Michael Brown <mcb30@ipxe.org>

tags/v1.20.1
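The comparison the commit message describes, as an added example that is not iPXE's code: two certIDs that differ only in whether the hashAlgorithm carries NULL parameters fail a whole-buffer memcmp() but match when the OID and the remaining fields are compared separately. The `struct der` cursor, the function names and the sample bytes (shortened placeholder hashes) are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Cursor over DER bytes (hypothetical helper, not iPXE's ASN.1 API) */
struct der { const unsigned char *p; size_t len; };

/* Enter the TLV with the expected tag; short-form lengths (< 128) only */
static int der_enter(struct der *c, unsigned char tag, struct der *in) {
	size_t n;
	if (c->len < 2 || c->p[0] != tag || (c->p[1] & 0x80)) return -1;
	n = c->p[1];
	if (n > c->len - 2) return -1;              /* truncated input */
	in->p = c->p + 2; in->len = n;              /* contents of this TLV */
	c->p += 2 + n; c->len -= 2 + n;             /* cursor moves past it */
	return 0;
}

/* Split a certID into the hashAlgorithm OID and the fields that follow it */
static int certid_split(struct der cur, struct der *oid, struct der *rest) {
	struct der certid, alg;
	if (der_enter(&cur, 0x30, &certid) || cur.len) return -1;
	if (der_enter(&certid, 0x30, &alg)) return -1;  /* AlgorithmIdentifier */
	if (der_enter(&alg, 0x06, oid)) return -1;      /* parameters ignored */
	*rest = certid;  /* issuerNameHash, issuerKeyHash, serialNumber */
	return 0;
}

/* 1 if both certIDs agree on the OID and on the remaining fields, else 0 */
int certid_match(const unsigned char *a, size_t alen,
		 const unsigned char *b, size_t blen) {
	struct der x = { a, alen }, y = { b, blen }, xo, xr, yo, yr;
	if (certid_split(x, &xo, &xr) || certid_split(y, &yo, &yr)) return 0;
	return xo.len == yo.len && !memcmp(xo.p, yo.p, xo.len) &&
	       xr.len == yr.len && !memcmp(xr.p, yr.p, xr.len);
}

/* Constructed samples: SHA-1 OID, 4-byte placeholder hashes, small serials */
const unsigned char req_certid[] = { 0x30,0x1a, 0x30,0x09,0x06,0x05,0x2b,0x0e,
	0x03,0x02,0x1a,0x05,0x00, 0x04,0x04,0x11,0x22,0x33,0x44,
	0x04,0x04,0x55,0x66,0x77,0x88, 0x02,0x01,0x05 };  /* NULL parameters */
const unsigned char resp_certid[] = { 0x30,0x18, 0x30,0x07,0x06,0x05,0x2b,0x0e,
	0x03,0x02,0x1a, 0x04,0x04,0x11,0x22,0x33,0x44,
	0x04,0x04,0x55,0x66,0x77,0x88, 0x02,0x01,0x05 };  /* parameters omitted */
const unsigned char other_certid[] = { 0x30,0x18, 0x30,0x07,0x06,0x05,0x2b,0x0e,
	0x03,0x02,0x1a, 0x04,0x04,0x11,0x22,0x33,0x44,
	0x04,0x04,0x55,0x66,0x77,0x88, 0x02,0x01,0x06 };  /* different serial */
int main(void) {
	return !certid_match(req_certid, sizeof(req_certid),
			     resp_certid, sizeof(resp_certid));
}
```

The remaining fields are still compared bytewise, so a response for a different serial number or issuer hash is rejected exactly as before.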