mirror of
https://github.com/zeek/zeek.git
synced 2025-10-17 05:58:20 +00:00
SCT: only compare correct OID/NID for Cert/OCSP.
The old way of doing it did not really cause problems - but now only the OID that can be used in practice is checked.
This commit is contained in:
parent
c403a7f4e6
commit
41a2028dee
2 changed files with 3 additions and 3 deletions
|
@ -345,7 +345,7 @@ clean_up:
|
|||
void file_analysis::OCSP::ParseExtensionsSpecific(X509_EXTENSION* ex, bool global, ASN1_OBJECT* ext_asn, const char* oid)
|
||||
{
|
||||
#ifdef NID_ct_cert_scts
|
||||
if ( OBJ_obj2nid(ext_asn) == NID_ct_cert_scts || OBJ_obj2nid(ext_asn) == NID_ct_precert_scts )
|
||||
if ( OBJ_obj2nid(ext_asn) == NID_ct_cert_scts )
|
||||
#else
|
||||
if ( strcmp(oid, "1.3.6.1.4.1.11129.2.4.5") == 0 )
|
||||
#endif
|
||||
|
|
|
@ -241,9 +241,9 @@ void file_analysis::X509::ParseExtensionsSpecific(X509_EXTENSION* ex, bool globa
|
|||
ParseSAN(ex);
|
||||
|
||||
#ifdef NID_ct_cert_scts
|
||||
else if ( OBJ_obj2nid(ext_asn) == NID_ct_cert_scts || OBJ_obj2nid(ext_asn) == NID_ct_precert_scts )
|
||||
else if ( OBJ_obj2nid(ext_asn) == NID_ct_precert_scts )
|
||||
#else
|
||||
else if ( strcmp(oid, "1.3.6.1.4.1.11129.2.4.2") == 0 || strcmp(oid, "1.3.6.1.4.1.11129.2.4.4") == 0 )
|
||||
else if ( strcmp(oid, "1.3.6.1.4.1.11129.2.4.2") == 0 )
|
||||
#endif
|
||||
ParseSignedCertificateTimestamps(ex);
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue