Bug 551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete
com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete
Product: Dogtag Certificate System
Classification: Community
Component: Tools - Java (Show other bugs)
All All
high Severity medium
: ---
: ---
Assigned To: Ade Lee
Chandrasekar Kannan
Depends On:
Blocks: 445047
  Show dependency treegraph
Reported: 2009-12-30 09:49 EST by David Stutzman
Modified: 2015-01-05 20:19 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-06-04 16:29:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch making ASN.1 encoding/decoding more complete (3.81 KB, patch)
2009-12-30 09:50 EST, David Stutzman
no flags Details | Diff

  None (edit)
Description David Stutzman 2009-12-30 09:49:56 EST
Description of problem:
com.netscape.cmsutil.ocsp.TBSRequest has incomplete/inconsistent ASN.1 en/decoding

Patch fixes the following: 
- adds proper handling of version (conditional encoding)
- implements correct encoding with explicit tagging (there was comment saying it was probably broken)
Comment 1 David Stutzman 2009-12-30 09:50:21 EST
Created attachment 380948 [details]
patch making ASN.1 encoding/decoding more complete
Comment 4 Ade Lee 2010-11-09 00:37:12 EST
see fix and code submission in https://bugzilla.redhat.com/show_bug.cgi?id=488253
Comment 6 Jenny Galipeau 2011-06-13 12:21:39 EDT
Please provide steps to reproduce and verify this bug.
Comment 7 David Stutzman 2011-06-20 06:41:05 EDT
If this is directed at me, I can't readily provide a detailed instruction list.  What I can say is at the time I was using the OCSP classes to create an OCSP client and when I was handling requests/responses while testing with 2 different 3rd party responders (not the one built into this product) I was having issues.  I tracked the issue down to the implementation of the OCSP classes not being fully conformant to the OCSP RFC so I submitted the patch to make things follow the RFC better and be interoperable.

Note You need to log in before you can comment on or make changes to this bug.