Red Hat Bugzilla – Bug 551410
com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete
Last modified: 2015-01-05 20:19:18 EST
Description of problem:
com.netscape.cmsutil.ocsp.TBSRequest has incomplete/inconsistent ASN.1 en/decoding
Patch fixes the following:
- adds proper handling of version (conditional encoding)
- implements correct encoding with explicit tagging (there was comment saying it was probably broken)
Created attachment 380948 [details]
patch making ASN.1 encoding/decoding more complete
see fix and code submission in https://bugzilla.redhat.com/show_bug.cgi?id=488253
Please provide steps to reproduce and verify this bug.
If this is directed at me, I can't readily provide a detailed instruction list. What I can say is at the time I was using the OCSP classes to create an OCSP client and when I was handling requests/responses while testing with 2 different 3rd party responders (not the one built into this product) I was having issues. I tracked the issue down to the implementation of the OCSP classes not being fully conformant to the OCSP RFC so I submitted the patch to make things follow the RFC better and be interoperable.