Clone of ipxe replica repo
 
 
 
 
 
Michael Brown 5cbdc41778 [crypto] Fix parsing of OCSP responder ID key hash
We currently compare the entirety of the KeyHash object (including the
ASN.1 tag and length byte) against the raw SHA-1 hash of the
certificate's public key.  This causes OCSP validation to fail for any
responses which identify the responder by key hash rather than by
name, and hence prevents the use of X.509 certificates where any
certificate in the chain has an OCSP responder which chooses to
identify itself via its key hash.

Fix by adding the missing asn1_enter() required to enter the ASN.1
octet string containing the key hash.

Also add a corresponding test case including an OCSP response where
the responder is identified by key hash, to ensure that this
functionality cannot be broken in future.

Debugged-by: Brian Rak <brak@gameservers.com>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
2014-11-24 15:05:43 +00:00
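
The mismatch described in the commit message above, modeled as an added example (this is not iPXE's source). The helper `der_enter()`, the `der_cursor` type, the two match functions and the sample bytes are hypothetical and constructed for illustration. A DER-encoded KeyHash is an OCTET STRING, so the object is two bytes longer than the raw SHA-1 digest and can never equal it until the cursor has stepped inside the string.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_OCTET_STRING 0x04
#define SHA1_LEN 20

/* Cursor over DER bytes (hypothetical helper type, not iPXE's) */
struct der_cursor { const uint8_t *data; size_t len; };

/* Narrow the cursor to the contents of an object with the expected tag.
 * Handles short and long form lengths; returns 0, or -1 if malformed. */
static int der_enter ( struct der_cursor *c, uint8_t tag ) {
	size_t len, n;
	if ( c->len < 2 || c->data[0] != tag ) return -1;
	len = c->data[1];
	c->data += 2; c->len -= 2;
	if ( len & 0x80 ) {
		n = ( len & 0x7f );
		if ( n == 0 || n > sizeof ( len ) || n > c->len ) return -1;
		for ( len = 0 ; n ; n-- ) { len = ( ( len << 8 ) | *(c->data++) ); c->len--; }
	}
	if ( len > c->len ) return -1;
	c->len = len;
	return 0;
}

/* Compare the whole KeyHash object (tag, length, hash) with the raw digest */
static int match_whole_object ( struct der_cursor kh, const uint8_t *digest ) {
	return ( kh.len == SHA1_LEN && memcmp ( kh.data, digest, SHA1_LEN ) == 0 );
}

/* Enter the OCTET STRING first, then compare only its contents */
static int match_contents ( struct der_cursor kh, const uint8_t *digest ) {
	if ( der_enter ( &kh, TAG_OCTET_STRING ) != 0 ) return 0;
	return ( kh.len == SHA1_LEN && memcmp ( kh.data, digest, SHA1_LEN ) == 0 );
}

/* Constructed sample values: a placeholder digest and its DER KeyHash */
static const uint8_t sample_digest[SHA1_LEN] = {
	0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 };
static const uint8_t sample_key_hash[2 + SHA1_LEN] = { TAG_OCTET_STRING, SHA1_LEN,
	0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19 };

int main ( void ) {
	struct der_cursor kh = { sample_key_hash, sizeof ( sample_key_hash ) };
	printf ( "whole object: %d, contents: %d\n",
		 match_whole_object ( kh, sample_digest ),
		 match_contents ( kh, sample_digest ) );
	return 0;
}
```
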
contrib [errdb] Strip platform error code for non-platform-generated errors 2013-04-29 15:36:32 +01:00
src [crypto] Fix parsing of OCSP responder ID key hash 2014-11-24 15:05:43 +00:00
COPYING Initial revision 2005-05-17 16:44:57 +00:00
COPYRIGHTS [build] Rename gPXE to iPXE 2010-04-19 23:43:39 +01:00
README [doc] Re-add README file 2010-05-28 00:03:47 +01:00

README

iPXE README File

Quick start guide:

   cd src
   make

For any more detailed instructions, see http://ipxe.org