diff options
author | Tobias Brunner <tobias@strongswan.org> | 2015-11-11 14:26:00 +0100 |
---|---|---|
committer | Tobias Brunner <tobias@strongswan.org> | 2015-11-12 14:40:44 +0100 |
commit | e161238e8e9b14cbc3ba36e8897ec2473d36b0fd (patch) | |
tree | 2a5e5ecc61220fa7779c428b1a0eab7c65a8662c | |
parent | 15d715daceb06ee4521606cd95354147fabe0216 (diff) | |
download | strongswan-e161238e8e9b14cbc3ba36e8897ec2473d36b0fd.tar.bz2 strongswan-e161238e8e9b14cbc3ba36e8897ec2473d36b0fd.tar.xz |
revocation: Allow CRLs to be encoded in PEM format
Since the textual representation for a CRL is now standardized
in RFC 7468 one could argue that we should accept that too, even
though RFC 5280 explicitly demands CRLs fetched via HTTP/FTP to
be in DER format. But in particular for file URIs enforcing that
seems inconvenient.
Fixes #1203.
-rw-r--r-- | src/libstrongswan/plugins/revocation/revocation_validator.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index 9fd5b2a22..fdcb9902b 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -367,7 +367,7 @@ static certificate_t* fetch_crl(char *url) return NULL; } crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, - BUILD_BLOB_ASN1_DER, chunk, BUILD_END); + BUILD_BLOB_PEM, chunk, BUILD_END); chunk_free(&chunk); if (!crl) { |