narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Clone of ipxe replica repo
5,957 Commits
13 Branches
11 Tags
107 MiB
C 97.4%
Assembly 1.3%
Perl 0.6%
Makefile 0.4%
Python 0.2%
 
 
 
 
 
Go to file
Michael Brown 3f637d7462 [ocsp] Accept SHA1 certID responses even if SHA1 is not enabled 
Various implementation quirks in OCSP servers make it impractical to
use anything other than SHA1 to construct the issuerNameHash and
issuerKeyHash identifiers in the request certID.  For example: both
the OpenCA OCSP responder used by ipxe.org and the Boulder OCSP
responder used by LetsEncrypt will fail if SHA256 is used in the
request certID.

As of commit 6ffe28a ("[ocsp] Accept response certID with missing
hashAlgorithm parameters") we rely on asn1_digest_algorithm() to parse
the algorithm identifier in the response certID.  This will fail if
SHA1 is disabled via config/crypto.h.

Fix by using a direct ASN.1 object comparison on the OID within the
algorithm identifier.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
 		2020-06-25 13:04:54 +01:00
contrib [coverity] Override assumptions about wcrtomb() and hmac_init() 2019-08-17 17:18:54 +01:00
src [ocsp] Accept SHA1 certID responses even if SHA1 is not enabled 2020-06-25 13:04:54 +01:00
.travis.yml [travis] Ensure that most recent tag is always available 2020-01-03 00:14:03 +01:00
COPYING [legal] Update GPLv2 licence text 2015-02-26 17:59:53 +00:00
COPYING.GPLv2 [legal] Update GPLv2 licence text 2015-02-26 17:59:53 +00:00
COPYING.UBDL [legal] Add support for the Unmodified Binary Distribution Licence 2015-03-02 12:07:14 +00:00
README [doc] Re-add README file 2010-05-28 00:03:47 +01:00

README 

iPXE README File

Quick start guide:

   cd src
   make

For any more detailed instructions, see http://ipxe.org