Skip to content

Commit 93d79fc

Browse files
rheniumrhenium
authored
Merge pull request #1004 from swhitt/fix-ocsp-basic-response-uninitialized-revtime
ocsp: fix uninitialized variables in BasicResponse#status
2 parents f9429bd + 667ce07 commit 93d79fc

File tree

3 files changed

+32
-3
lines changed

3 files changed

+32
-3
lines changed

ext/openssl/ossl_ocsp.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -905,8 +905,8 @@ ossl_ocspbres_get_status(VALUE self)
905905
int count = OCSP_resp_count(bs);
906906
for (int i = 0; i < count; i++) {
907907
OCSP_SINGLERESP *single = OCSP_resp_get0(bs, i);
908-
ASN1_TIME *revtime, *thisupd, *nextupd;
909-
int reason;
908+
ASN1_TIME *revtime = NULL, *thisupd = NULL, *nextupd = NULL;
909+
int reason = -1;
910910

911911
int status = OCSP_single_get0_status(single, &reason, &revtime, &thisupd, &nextupd);
912912
if (status < 0)

ext/openssl/ossl_pkcs7.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1010,7 +1010,7 @@ static VALUE
10101010
ossl_pkcs7si_get_signed_time(VALUE self)
10111011
{
10121012
PKCS7_SIGNER_INFO *p7si;
1013-
ASN1_TYPE *asn1obj;
1013+
const ASN1_TYPE *asn1obj;
10141014

10151015
GetPKCS7si(self, p7si);
10161016

test/openssl/test_ocsp.rb

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -215,6 +215,35 @@ def test_basic_response_dup
215215
assert_equal bres.to_der, bres.dup.to_der
216216
end
217217

218+
def test_basic_response_status_good
219+
bres = OpenSSL::OCSP::BasicResponse.new
220+
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest.new('SHA1'))
221+
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_GOOD, 0, nil, -300, 500, nil)
222+
bres.sign(@ocsp_cert, @ocsp_key, [@ca_cert])
223+
224+
statuses = bres.status
225+
assert_equal 1, statuses.size
226+
status = statuses[0]
227+
assert_equal cid.to_der, status[0].to_der
228+
assert_equal OpenSSL::OCSP::V_CERTSTATUS_GOOD, status[1]
229+
assert_nil status[3] # revtime should be nil for GOOD status
230+
end
231+
232+
def test_basic_response_status_revoked
233+
bres = OpenSSL::OCSP::BasicResponse.new
234+
now = Time.at(Time.now.to_i)
235+
cid = OpenSSL::OCSP::CertificateId.new(@cert, @ca_cert, OpenSSL::Digest.new('SHA1'))
236+
bres.add_status(cid, OpenSSL::OCSP::V_CERTSTATUS_REVOKED,
237+
OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED, now - 400, -300, nil, nil)
238+
bres.sign(@ocsp_cert, @ocsp_key, [@ca_cert])
239+
240+
statuses = bres.status
241+
assert_equal 1, statuses.size
242+
status = statuses[0]
243+
assert_equal OpenSSL::OCSP::V_CERTSTATUS_REVOKED, status[1]
244+
assert_equal now - 400, status[3] # revtime should be the revocation time
245+
end
246+
218247
def test_basic_response_response_operations
219248
bres = OpenSSL::OCSP::BasicResponse.new
220249
now = Time.at(Time.now.to_i)

0 commit comments

Comments
 (0)