From 87c96c2e53023d9aeeaeb8257ca66e01fe64ab6f Mon Sep 17 00:00:00 2001 From: Jonathan Leroy Date: Wed, 14 Oct 2015 09:41:56 +0200 Subject: [PATCH 1/2] Fix boolean values according to DER specs In BER encoding, any boolean with a non-zero value is considered as TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE. This commit makes `mbedtls_asn1_write_bool` function uses `255` instead of `1` for BOOLEAN values. With this fix, boolean values are now reconized by OS X keychain (tested on OS X 10.11). Fixes #318. --- library/asn1write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/asn1write.c b/library/asn1write.c index dd5a7455e..849e8c168 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -191,7 +191,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea if( *p - start < 1 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = (boolean) ? 1 : 0; + *--(*p) = (boolean) ? 255 : 0; len++; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); From 00ee6eee54a7bf9fafa98873fa6a764f983e3e49 Mon Sep 17 00:00:00 2001 From: Jonathan Leroy Date: Wed, 14 Oct 2015 13:15:22 +0200 Subject: [PATCH 2/2] Test certificate "Server1 SHA1, key_usage" reissued. --- tests/data_files/server1.key_usage.crt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/data_files/server1.key_usage.crt b/tests/data_files/server1.key_usage.crt index 8a4c480c8..8f4e59f2d 100644 --- a/tests/data_files/server1.key_usage.crt +++ b/tests/data_files/server1.key_usage.crt @@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf -BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAQEEBAMCAeAw -DQYJKoZIhvcNAQEFBQADggEBAFd3JxNC2rEz94ProSZcv8NNk3e3Dhfms84qjkCM -YhLyZCZywZ2cj3bXThNGVND81UNgqyzk/MEGfKh5d0EHD8v97H7Zvs/EN814d0UC -/BZWlXqX9XInjxlI3baJrRWvsJJdRxMqub9LGBdhgZAtF1BVF9fk2QrV0GW6VN7a -dGYdRYO80yf+vf5g41A0DIi3dhdLF1H7UPDwfUwkF5QckXw0yqueszcmxvCAnxng -AUKoFS971WWCjCo8lMzOXOjeAwmibihT9XBabVzN1w3gOfSBbpHFi770bWgbKPWu -csFKtvrXGtLVQeKkfI1lIMWWeddvkMWWBIqFrkBBLLOI4+A= +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCAeAw +DQYJKoZIhvcNAQEFBQADggEBABKC/1x0m57EY4H412ue3ghCWgg07VcRKamnUSTs +tnqI5T0mSvuPrxhINdQB6360ibctBkXP3S9rxGHiUdeK/JqxYs2YamCs50TSWpon +p4Hzcmjsw1YgXsQ6pmYwkzU03zqs361gt7JSOzL2dN0IjwIy47qfLQb/AXhX2Ims +7gBuqVpYqJuSHR0qsN/c6WgIE3IrbK1MB6CJTkxBfcSc5E4oUIBHmww+RSVLOczM +nGk3U13dmfG0ndhMtrMyyxBZZSUwoZLjRZ6J5mHSv+k8oo1PYQeiivNEP53mgVaY +ha0gLUIk6zNBRpY1uUmxQ+RQSMIyYPBb1RedHn2s8El2mlo= -----END CERTIFICATE-----