authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-05-29 09:15:27 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-06-05 11:20:58 +0200
commit8e7bc8fec48bf5748b08426ea183d18c2d7b52a9 (patch)
tree931b54c11efbf1eda5f76203fb71e00e9cf7d6a3
parent5faeef3c9a7498002e5866d85e5742d82115a2bb (diff)
downloadgnutls-8e7bc8fec48bf5748b08426ea183d18c2d7b52a9.tar.gz
Tolerate DER time encoding errors
It seems that OpenSSL-generated certificates may contain invalidly formatted times, and gnutls will no longer parse them. Ignore such formatting errors when DER decoding. We should reconsider this in the future (#207). Resolves #196. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
-rw-r--r--lib/x509/common.h7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 0cca5272b8..6d80b819b8 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -262,7 +262,12 @@ int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr);
inline static int _asn1_strict_der_decode (asn1_node * element, const void *ider,
int len, char *errorDescription)
{
- return asn1_der_decoding2(element, ider, &len, ASN1_DECODE_FLAG_STRICT_DER, errorDescription);
+#ifdef ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME
+# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME|ASN1_DECODE_FLAG_STRICT_DER
+#else
+# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_STRICT_DER
+#endif
+ return asn1_der_decoding2(element, ider, &len, _ASN1_DER_FLAGS, errorDescription);
}
#endif
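Review bot: `_asn1_strict_der_decode` keeps its "strict" name but now passes `ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME` for every caller, and only when the libtasn1 headers at build time define that flag. The same certificate can therefore be accepted by one build and rejected by another, and nothing in the header tells a caller that time fields are no longer checked strictly. A comment above the `#ifdef` would record this, for example `/* Time encodings are deliberately not checked strictly here (see #207); callers must validate times themselves if they depend on well-formed values. */`. Separately, the macro expansion is unparenthesized and the macro is defined inside the function body of a header, so it leaks into every includer; `# define _ASN1_DER_FLAGS (ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME|ASN1_DECODE_FLAG_STRICT_DER)` placed above the function is safer if the macro is ever used in a larger expression. The leading underscore followed by an uppercase letter is also a reserved identifier form in C, although the file already uses underscore-prefixed names.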