Don't assume requestorName is present for signed requests. ASN1 OCSP module

fix: certs field is OPTIONAL.
2024-11-21 01:15:20 +08:00 · 2006-11-13 13:21:47 +00:00 · 2006-11-13 13:21:47 +00:00 · 28b987aec9
commit 28b987aec9
parent fb596f3bb7
2 changed files with 2 additions and 2 deletions
--- a/crypto/ocsp/ocsp_asn.c
+++ b/crypto/ocsp/ocsp_asn.c
@ -62,7 +62,7 @@
 ASN1_SEQUENCE(OCSP_SIGNATURE) = {
 	ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
 	ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
-	ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0)
+	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
 } ASN1_SEQUENCE_END(OCSP_SIGNATURE)

 IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@ -367,7 +367,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *st
 		return 0;
 		}
 	gen = req->tbsRequest->requestorName;
-	if (gen->type != GEN_DIRNAME)
+	if (!gen || gen->type != GEN_DIRNAME)
 		{
 		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
 		return 0;