-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ocsp: reject ocsp responses where version is not v1 #20406
Conversation
/wait |
0dfbdc8
to
9e9131f
Compare
Signed-off-by: Loong Dai <[email protected]>
Signed-off-by: Loong Dai <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for picking this up -- I read through the documentation on ASN.1 tag classes and left some notes for you.
Signed-off-by: Loong Dai <[email protected]>
Signed-off-by: Loong Dai <[email protected]>
/retest |
Retrying Azure Pipelines: |
Signed-off-by: Loong Dai <[email protected]>
Signed-off-by: Loong Dai <[email protected]>
@zuercher thanks for your review! I have updated all and please take another review when free. |
Signed-off-by: Loong Dai <[email protected]>
Signed-off-by: Loong Dai <[email protected]>
I'm concerned that this isn't actually correct still? It seems to me that the bitstring has to have a length associated with it, and we're not including that in our test. (I got that encoding from an online asn.1 encoder and a subset of the OCSP definition, which is why I'm not sure it's truly correct.) Can you do some research and see if you can confirm whether that's really what a different version would look like when encoded? |
I'm also not available for the rest of the week. |
I have tested some cases about bit string/version changes, I can confirm that it is right although not found any docs related to it, if change bit string, it would raise an error. |
Signed-off-by: Loong Dai <[email protected]>
Signed-off-by: Loong Dai <[email protected]>
@davidben Do you have time to take a quick look at this and confirm that we're simulating an unsupported OCSP version correctly? |
/retest |
Retrying Azure Pipelines: |
Signed-off-by: Loong Dai <[email protected]>
Belatedly realized that @ggreenway is out this week. |
Risk Level: low Testing: added Docs Changes: n/a Release Notes: n/a Signed-off-by: Loong Dai <[email protected]> Signed-off-by: Andre Vehreschild <[email protected]>
Risk Level: low Testing: added Docs Changes: n/a Release Notes: n/a Signed-off-by: Loong Dai <[email protected]>
Signed-off-by: Loong Dai [email protected]
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Fixes commit #PR or SHA] #20096
[Optional Deprecated:]
[Optional API Considerations:]