From 184bac77338d562f8106b14d90eeebe2a0d55850 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Mon, 26 Dec 2016 15:34:01 +0000
Subject: Restore previous ASN.1 encoding for the peer certificate - this was unintentionally changed during the CBS/CBB rewrite. Issue reported by jeremy@ due to failing ruby tests. Analysis and near identical diff from Kazuki Yamaguchi .
---
 src/lib/libssl/ssl_asn1.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
index 36fbbbed98..707dc24d08 100644
--- a/src/lib/libssl/ssl_asn1.c
+++ b/src/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.46 2016/12/26 15:28:42 jsing Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.47 2016/12/26 15:34:01 jsing Exp $ */
 /*
 * Copyright (c) 2016 Joel Sing
@@ -122,13 +122,11 @@ i2d_SSL_SESSION(SSL_SESSION *s, unsigned char **pp)
 /* Peer certificate [3]. */
 if (s->peer != NULL) {
- if (!CBB_add_asn1(&session, &peer_cert, SSLASN1_PEER_CERT_TAG))
- goto err;
- if (!CBB_add_asn1(&peer_cert, &value, CBS_ASN1_OCTETSTRING))
- goto err;
 if ((len = i2d_X509(s->peer, &peer_cert_bytes)) <= 0)
 goto err;
- if (!CBB_add_bytes(&value, peer_cert_bytes, len))
+ if (!CBB_add_asn1(&session, &peer_cert, SSLASN1_PEER_CERT_TAG))
+ goto err;
+ if (!CBB_add_bytes(&peer_cert, peer_cert_bytes, len))
 goto err;
 }
@@ -312,7 +310,7 @@ d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
 /* Peer certificate [3]. */
 X509_free(s->peer);
 s->peer = NULL;
- if (!CBS_get_optional_asn1_octet_string(&session, &peer_cert, &present,
+ if (!CBS_get_optional_asn1(&session, &peer_cert, &present,
 SSLASN1_PEER_CERT_TAG))
 goto err;
 if (present) {
--
cgit v1.2.3-55-g6feb
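Review bot: The peer certificate block in i2d_SSL_SESSION still carries only the comment `/* Peer certificate [3]. */`, which does not record the wire format that has to stay stable, and that is the kind of gap that let the extra OCTET STRING layer slip in unnoticed. I would extend it to `/* Peer certificate [3]: X509 DER placed directly inside the tag, no OCTET STRING wrapper. */` and add a regression test that round-trips a session against a known-good encoding. Separately, `i2d_X509()` allocates the output buffer when the pointer it is given starts out NULL, so `peer_cert_bytes` must be freed on both the success and the `err` path; the initialisation and the cleanup are outside this hunk and cannot be confirmed from the lines shown.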
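Review bot: With the OCTET STRING layer removed, `peer_cert` in d2i_SSL_SESSION now holds whatever bytes sit inside the [3] element, and nothing in the visible lines requires those bytes to be exactly one certificate. The body of `if (present) {` is outside the hunk; if it hands the CBS contents to `d2i_X509()`, it should also compare the advanced input pointer with `CBS_data(&peer_cert) + CBS_len(&peer_cert)` and `goto err` on a mismatch, so that trailing bytes in a stored or externally cached session are rejected rather than ignored. Sessions serialised by the interim revision with the wrapper will presumably fail to decode after this change, which is the safe direction but worth covering in a test.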