Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-17 14:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

SCT: only compare correct OID/NID for Cert/OCSP.

Browse source 
The old way of doing it did not really cause problems - but now only the
OID that can be used in practice is checked.
This commit is contained in:
Johanna Amann 2017-03-17 13:53:50 -07:00
parent c403a7f4e6
commit 41a2028dee
2 changed files with 3 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/file_analysis/analyzer/x509/OCSP.cc
View file

@ -345,7 +345,7 @@ clean_up:
void file_analysis::OCSP::ParseExtensionsSpecific(X509_EXTENSION* ex, bool global, ASN1_OBJECT* ext_asn, const char* oid) void file_analysis::OCSP::ParseExtensionsSpecific(X509_EXTENSION* ex, bool global, ASN1_OBJECT* ext_asn, const char* oid)
{ {
#ifdef NID_ct_cert_scts #ifdef NID_ct_cert_scts
if ( OBJ_obj2nid(ext_asn) == NID_ct_cert_scts || OBJ_obj2nid(ext_asn) == NID_ct_precert_scts ) if ( OBJ_obj2nid(ext_asn) == NID_ct_cert_scts )
#else #else
if ( strcmp(oid, "1.3.6.1.4.1.11129.2.4.5") == 0 ) if ( strcmp(oid, "1.3.6.1.4.1.11129.2.4.5") == 0 )
#endif #endif

4
src/file_analysis/analyzer/x509/X509.cc
View file

@ -241,9 +241,9 @@ void file_analysis::X509::ParseExtensionsSpecific(X509_EXTENSION* ex, bool globa
ParseSAN(ex); ParseSAN(ex);
#ifdef NID_ct_cert_scts #ifdef NID_ct_cert_scts
else if ( OBJ_obj2nid(ext_asn) == NID_ct_cert_scts || OBJ_obj2nid(ext_asn) == NID_ct_precert_scts ) else if ( OBJ_obj2nid(ext_asn) == NID_ct_precert_scts )
#else #else
else if ( strcmp(oid, "1.3.6.1.4.1.11129.2.4.2") == 0 || strcmp(oid, "1.3.6.1.4.1.11129.2.4.4") == 0 ) else if ( strcmp(oid, "1.3.6.1.4.1.11129.2.4.2") == 0 )
#endif #endif
ParseSignedCertificateTimestamps(ex); ParseSignedCertificateTimestamps(ex);
} }