1 files changed, 8 insertions, 1 deletions

diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index caa511e9db..6823c24563 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -324,7 +324,7 @@ gnutls_ocsp_resp_import2(gnutls_ocsp_resp_t resp,
 	}
 #define OCSP_BASIC "1.3.6.1.5.5.7.48.1.1"
 
-	if (resp->response_type_oid.size == sizeof(OCSP_BASIC)
+	if (resp->response_type_oid.size == sizeof(OCSP_BASIC) - 1
 	    && memcmp(resp->response_type_oid.data, OCSP_BASIC,
 		      resp->response_type_oid.size) == 0) {
 
@@ -795,6 +795,8 @@ gnutls_ocsp_req_add_cert(gnutls_ocsp_req_t req,
  * The caller needs to deallocate memory by calling gnutls_free() on
  * @oid->data and @data->data.
  *
+ * Since 3.7.0 @oid->size does not account for the terminating null byte.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error code is returned.  If you have reached the last
  *   extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will
@@ -1088,6 +1090,9 @@ int gnutls_ocsp_resp_get_status(gnutls_ocsp_resp_const_t resp)
  * Otherwise gnutls_ocsp_resp_import() will decode the basic OCSP
  * response part and the caller need not worry about that aspect.
  *
+ * Since 3.7.0 @response_type_oid->size does not account for the terminating
+ * null byte.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error value.
  **/
@@ -1669,6 +1674,8 @@ gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_const_t resp,
  * The caller needs to deallocate memory by calling gnutls_free() on
  * @oid->data and @data->data.
  *
+ * Since 3.7.0 @oid->size does not account for the terminating null byte.
+ *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
  *   negative error code is returned.  If you have reached the last
  *   extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will