eduardsui / tlse

Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library

Problem with tls_certificate_set_copy_date #87

Open headscott opened 10 months ago

headscott commented 10 months ago

I encountered a problem in the function tls_certificate_set_copy: you set (member)[len] = 0; but by that you overwrite the seconds of the validity you wanted to save. It should be (member)[len + 2] = 0; I think. At least this worked for me.

headscott commented 10 months ago

There is another small problem with the version saved in the certificate: if the certificate is X.509v1 you save cert->version = 0, but then you can't print it in the certificate_to_string method, because you test for cert->version != 0. I would say you should do the following in the _private_asn1_parse function:

    if (length == 1)
        cert->version = buffer[pos] + 1;
    #ifdef TLS_X509_V1_SUPPORT
    else
        cert->version = 1;
    idx++;
    #endif

instead of

    if (length == 1)
        cert->version = buffer[pos];
    #ifdef TLS_X509_V1_SUPPORT
    else
        cert->version = 0;
    idx++;
    #endif

But then you also have to do

    if (cert) {
        if ((cert->version == 3)
    #ifdef TLS_X509_V1_SUPPORT
            || (cert->version == 1)
    #endif
        ) {

in the load methods for both certificates

instead of

    if (cert) {
        if ((cert->version == 2)
    #ifdef TLS_X509_V1_SUPPORT
            || (cert->version == 0)
    #endif
        ) {

By that you will also now print the correct version spelling in the certificate_to_string method. At least this is how I think this would work. For me it does.
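Added example, not part of the issue thread and not tlse code: the off-by-one discussed above comes from X.509 encoding versions on the wire as v1(0), v2(1), v3(2), with the field omitted entirely for v1. The helper names and sample bytes below are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample inputs: the first bytes of a TBSCertificate's contents. */
static const unsigned char tbs_v3[]  = {0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01};
static const unsigned char tbs_v1[]  = {0x02, 0x01, 0x01};   /* starts at serialNumber */
static const unsigned char tbs_bad[] = {0xA0, 0x03, 0x02, 0x01, 0x07};

/* Hypothetical helper, not a tlse function. Returns the certificate version as
 * people write it (1, 2 or 3), or -1 if the version field is malformed. */
int x509_version_from_tbs(const unsigned char *tbs, size_t len) {
    if (tbs == NULL || len == 0)
        return -1;
    /* version is "[0] EXPLICIT INTEGER DEFAULT v1": context tag 0xA0 when present.
     * DER omits DEFAULT values, so a v1 certificate begins with the serialNumber
     * INTEGER (tag 0x02) instead. */
    if (tbs[0] == 0x02)
        return 1;
    if (tbs[0] != 0xA0)
        return -1;
    /* Present: A0 03 (explicit wrapper) 02 01 (one-byte INTEGER) vv */
    if (len < 5 || tbs[1] != 0x03 || tbs[2] != 0x02 || tbs[3] != 0x01)
        return -1;
    /* Wire values are v1(0), v2(1), v3(2); anything else is not a known version. */
    if (tbs[4] > 2)
        return -1;
    return tbs[4] + 1;
}

/* Extensions exist only in v3, so a caller that stores the converted value
 * gates on 3, not on the wire value 2. */
int x509_may_have_extensions(int version) {
    return version == 3;
}

int main(void) {
    printf("v3 sample  -> %d\n", x509_version_from_tbs(tbs_v3, sizeof tbs_v3));
    printf("v1 sample  -> %d\n", x509_version_from_tbs(tbs_v1, sizeof tbs_v1));
    printf("bad sample -> %d\n", x509_version_from_tbs(tbs_bad, sizeof tbs_bad));
    return 0;
}
```

Returning -1 for a malformed field keeps "no version parsed" distinct from v1, which a stored value of 0 cannot do.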