aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTobias Brunner <tobias@strongswan.org>2015-11-11 14:26:00 +0100
committerTobias Brunner <tobias@strongswan.org>2015-11-12 14:40:44 +0100
commite161238e8e9b14cbc3ba36e8897ec2473d36b0fd (patch)
tree2a5e5ecc61220fa7779c428b1a0eab7c65a8662c
parent15d715daceb06ee4521606cd95354147fabe0216 (diff)
downloadstrongswan-e161238e8e9b14cbc3ba36e8897ec2473d36b0fd.tar.bz2
strongswan-e161238e8e9b14cbc3ba36e8897ec2473d36b0fd.tar.xz
revocation: Allow CRLs to be encoded in PEM format
Since the textual representation for a CRL is now standardized in RFC 7468 one could argue that we should accept that too, even though RFC 5280 explicitly demands CRLs fetched via HTTP/FTP to be in DER format. But in particular for file URIs enforcing that seems inconvenient. Fixes #1203.
-rw-r--r--src/libstrongswan/plugins/revocation/revocation_validator.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c
index 9fd5b2a22..fdcb9902b 100644
--- a/src/libstrongswan/plugins/revocation/revocation_validator.c
+++ b/src/libstrongswan/plugins/revocation/revocation_validator.c
@@ -367,7 +367,7 @@ static certificate_t* fetch_crl(char *url)
return NULL;
}
crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL,
- BUILD_BLOB_ASN1_DER, chunk, BUILD_END);
+ BUILD_BLOB_PEM, chunk, BUILD_END);
chunk_free(&chunk);
if (!crl)
{