[tomcat-native] branch master updated: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63356

Tue, 18 Jun 2019 13:19:37 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/master by this push:
     new e48b963  Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63356
e48b963 is described below

commit e48b96363c4eb35d8e86e814f30404d812dc0782
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jun 18 21:18:48 2019 +0100

    Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63356
    
    Fix client certificate authentication when a certificate contains an AIA
    extension without an OCSP URI.
    Patch provided by Milind Takawale.
---
 native/src/sslutils.c             | 7 +++++--
 xdocs/miscellaneous/changelog.xml | 5 +++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/native/src/sslutils.c b/native/src/sslutils.c
index 07bc3e7..aa0d68c 100644
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -734,10 +734,13 @@ static char **decode_OCSP_url(ASN1_OCTET_STRING *os, 
apr_pool_t *p)
     memcpy(ocsp_urls,os->data, len);
     ocsp_urls[len] = '\0';
 
-    if ((response = apr_pcalloc(p, sizeof(char *))) == NULL)
+    if ((response = apr_pcalloc(p, sizeof(char *))) == NULL) {
         return NULL;
-    if (parse_ASN1_Sequence(ocsp_urls, &response, &numofresponses, p))
+    }
+    if (parse_ASN1_Sequence(ocsp_urls, &response, &numofresponses, p) ||
+               numofresponses ==0) {
         response = NULL;
+    }
     return response;
 }
 
diff --git a/xdocs/miscellaneous/changelog.xml 
b/xdocs/miscellaneous/changelog.xml
index 77f55f1..6af4a2e 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -40,6 +40,11 @@
       <bug>63159</bug>: Unable to complete build when build directory is
       outside of the source tree. Patch provided by Bob Huemmer. (markt)
     </fix>
+    <fix>
+      <bug>63356</bug>: Fix client certificate authentication when a 
certificate
+      contains an AIA extension without an OCSP URI. Patch provided by Milind
+      Takawale. (markt)
+    </fix>
   </changelog>
 </section>
 <section name="Changes in 1.2.21">


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to