authorNikos Mavrogiannopoulos <nmav@redhat.com>2017-05-29 09:15:27 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2017-06-05 13:36:16 +0200
commita4857ab05d541e0876cef99fa5ae8cc916183e35 (patch)
tree1939ca906cb49ff774fc37649e0bc1f656ac8e64 /lib
parentcc888563c34c607a5ac3ae11c9c21cf4f90669c2 (diff)
downloadgnutls-a4857ab05d541e0876cef99fa5ae8cc916183e35.tar.gz
Tolerate DER time encoding errors
It seems that OpenSSL-generated certificates may contain invalidly formatted times, and gnutls will no longer parse them. Ignore such formatting errors when DER decoding. We should reconsider this in the future (#207). Resolves #196. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/x509/common.h7
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 6716939255..ddf641ab13 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -256,7 +256,12 @@ int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr);
inline static int _asn1_strict_der_decode (asn1_node * element, const void *ider,
int len, char *errorDescription)
{
- return asn1_der_decoding2(element, ider, &len, ASN1_DECODE_FLAG_STRICT_DER, errorDescription);
+#ifdef ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME
+# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME|ASN1_DECODE_FLAG_STRICT_DER
+#else
+# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_STRICT_DER
+#endif
+ return asn1_der_decoding2(element, ider, &len, _ASN1_DER_FLAGS, errorDescription);
}
#endif
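Review bot: With the new `_ASN1_DER_FLAGS`, `_asn1_strict_der_decode` stops rejecting malformed time encodings for every caller of this helper, not only for the OpenSSL-generated certificates the commit message mentions, and nothing at the definition says that "strict" now has this exception. Because the relaxation is gated on `#ifdef ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME`, builds against different libtasn1 versions will presumably accept different sets of inputs, which matters to anyone comparing validation results across builds. I would add a comment above the `#ifdef` such as `/* Interop: tolerate non-DER time encodings (#196); parsed times must still be validated by the caller. Revisit in #207. */`. The macro is also defined inside a function body in a header and expands unparenthesized; hoisting it above the function and writing `# define _ASN1_DER_FLAGS (ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME|ASN1_DECODE_FLAG_STRICT_DER)` keeps it safe if it is ever used next to another operator.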