From e161238e8e9b14cbc3ba36e8897ec2473d36b0fd Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Wed, 11 Nov 2015 14:26:00 +0100 Subject: revocation: Allow CRLs to be encoded in PEM format Since the textual representation for a CRL is now standardized in RFC 7468 one could argue that we should accept that too, even though RFC 5280 explicitly demands CRLs fetched via HTTP/FTP to be in DER format. But in particular for file URIs enforcing that seems inconvenient. Fixes #1203. --- src/libstrongswan/plugins/revocation/revocation_validator.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/libstrongswan/plugins/revocation/revocation_validator.c') diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index 9fd5b2a22..fdcb9902b 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -367,7 +367,7 @@ static certificate_t* fetch_crl(char *url) return NULL; } crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_CRL, - BUILD_BLOB_ASN1_DER, chunk, BUILD_END); + BUILD_BLOB_PEM, chunk, BUILD_END); chunk_free(&chunk); if (!crl) { -- cgit v1.2.3