Branch: Tag:

2014-07-14

2014-07-14 14:29:37 by Martin Nilsson <nilsson@opera.com>

Some certficate conformance fixes. RFC 5280 4.1.2.2

794:    if (a[0]->type_name != "INTEGER")    return 0;    serial = a[0]->value; -  if(serial<0) -  return 0; +     DBG("TBSCertificate: serial = %s\n", (string) serial);       if ((a[1]->type_name != "SEQUENCE")
1207:   {    Sequence algorithm_id = c->pkcs_signature_algorithm_id(h);    if(!algorithm_id) error("Can't use %O for %O.\n", h, c); -  if(serial<0) error("Serial number needs to be >=0.\n"); +  if(serial<=0) error("Conforming CA serial number needs to be >0.\n"); +  if(serial>1<<142) error("Serial needs to be less than 20 bytes encoded.\n");       if( mappingp(extensions) )    {