Bug 550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete
com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete
Status: CLOSED CURRENTRELEASE
Product: Dogtag Certificate System
Classification: Community
Component: Tools - Java (Show other bugs)
1.0
All All
high Severity medium
: ---
: ---
Assigned To: Ade Lee
Chandrasekar Kannan
:
Depends On:
Blocks: 445047
  Show dependency treegraph
 
Reported: 2009-12-24 10:00 EST by David Stutzman
Modified: 2015-01-05 20:19 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 488253
Environment:
Last Closed: 2012-06-04 16:36:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch making ASN.1 encoding/decoding more complete (3.64 KB, patch)
2009-12-24 10:01 EST, David Stutzman
no flags Details | Diff

  None (edit)
Description David Stutzman 2009-12-24 10:00:57 EST
Description of problem:
com.netscape.cmsutil.ocsp.ResponseData has incomplete/inconsistent ASN.1 en/decoding

Patch fixes the following: 
- removes unused imports
- adds proper handling of version (conditional encoding)
- adds support for response extensions (previous encoded them if they were there but completely ignores them decoding)
Comment 1 David Stutzman 2009-12-24 10:01:36 EST
Created attachment 380207 [details]
patch making ASN.1 encoding/decoding more complete
Comment 4 Ade Lee 2010-11-09 00:37:34 EST
see fix and code submission in https://bugzilla.redhat.com/show_bug.cgi?id=488253
Comment 6 Jenny Galipeau 2011-06-13 12:22:51 EDT
Please provide steps to reproduce and verify.
Comment 7 David Stutzman 2011-06-20 06:44:07 EDT
If this is directed at me, I can't readily provide a detailed instruction list.
 What I can say is at the time I was using the OCSP classes to create an OCSP
client and when I was handling requests/responses while testing with 2
different 3rd party responders (not the one built into this product) I was
having issues.  I tracked the issue down to the implementation of the OCSP
classes not being fully conformant to the OCSP RFC so I submitted the patch to
make things follow the RFC better and be interoperable.  Additionally, there's a comment in the code saying it was probably broken and it wasn't doing the tagging correctly.

Note You need to log in before you can comment on or make changes to this bug.