Red Hat Bugzilla – Bug 550331
com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete
Last modified: 2015-01-05 20:19:56 EST
Description of problem:
com.netscape.cmsutil.ocsp.ResponseData has incomplete/inconsistent ASN.1 en/decoding
Patch fixes the following:
- removes unused imports
- adds proper handling of version (conditional encoding)
- adds support for response extensions (previous encoded them if they were there but completely ignores them decoding)
Created attachment 380207 [details]
patch making ASN.1 encoding/decoding more complete
see fix and code submission in https://bugzilla.redhat.com/show_bug.cgi?id=488253
Please provide steps to reproduce and verify.
If this is directed at me, I can't readily provide a detailed instruction list.
What I can say is at the time I was using the OCSP classes to create an OCSP
client and when I was handling requests/responses while testing with 2
different 3rd party responders (not the one built into this product) I was
having issues. I tracked the issue down to the implementation of the OCSP
classes not being fully conformant to the OCSP RFC so I submitted the patch to
make things follow the RFC better and be interoperable. Additionally, there's a comment in the code saying it was probably broken and it wasn't doing the tagging correctly.