You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/06/18 20:19:13 UTC
[tomcat-native] branch master updated: Fix
https://bz.apache.org/bugzilla/show_bug.cgi?id=63356
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
The following commit(s) were added to refs/heads/master by this push:
new e48b963 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63356
e48b963 is described below
commit e48b96363c4eb35d8e86e814f30404d812dc0782
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Jun 18 21:18:48 2019 +0100
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=63356
Fix client certificate authentication when a certificate contains an AIA
extension without an OCSP URI.
Patch provided by Milind Takawale.
---
native/src/sslutils.c | 7 +++++--
xdocs/miscellaneous/changelog.xml | 5 +++++
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/native/src/sslutils.c b/native/src/sslutils.c
index 07bc3e7..aa0d68c 100644
--- a/native/src/sslutils.c
+++ b/native/src/sslutils.c
@@ -734,10 +734,13 @@ static char **decode_OCSP_url(ASN1_OCTET_STRING *os, apr_pool_t *p)
memcpy(ocsp_urls,os->data, len);
ocsp_urls[len] = '\0';
- if ((response = apr_pcalloc(p, sizeof(char *))) == NULL)
+ if ((response = apr_pcalloc(p, sizeof(char *))) == NULL) {
return NULL;
- if (parse_ASN1_Sequence(ocsp_urls, &response, &numofresponses, p))
+ }
+ if (parse_ASN1_Sequence(ocsp_urls, &response, &numofresponses, p) ||
+ numofresponses ==0) {
response = NULL;
+ }
return response;
}
diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml
index 77f55f1..6af4a2e 100644
--- a/xdocs/miscellaneous/changelog.xml
+++ b/xdocs/miscellaneous/changelog.xml
@@ -40,6 +40,11 @@
<bug>63159</bug>: Unable to complete build when build directory is
outside of the source tree. Patch provided by Bob Huemmer. (markt)
</fix>
+ <fix>
+ <bug>63356</bug>: Fix client certificate authentication when a certificate
+ contains an AIA extension without an OCSP URI. Patch provided by Milind
+ Takawale. (markt)
+ </fix>
</changelog>
</section>
<section name="Changes in 1.2.21">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org