cert: Handle AIA response in PKCS#7 format
klzgrad committed Mar 30, 2022
1 parent 79fecf9 commit bcd5d09
Showing 1 changed file with 17 additions and 0 deletions.
17 changes: 17 additions & 0 deletions src/net/cert/internal/cert_issuer_source_aia.cc
@@ -10,6 +10,7 @@
#include "net/cert/cert_net_fetcher.h"
#include "net/cert/internal/cert_errors.h"
#include "net/cert/pem.h"
#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util.h"
#include "url/gurl.h"

@@ -141,6 +142,22 @@ bool AiaRequest::AddCompletedFetchToResults(Error error,
// certificates MUST be able to accept individual DER encoded
// certificates and SHOULD be able to accept "certs-only" CMS messages.

// Handles PKCS#7 encoded certificates
CertificateList certs = X509Certificate::CreateCertificateListFromBytes(
fetched_bytes, X509Certificate::FORMAT_AUTO);
bool certs_ok = false;
for (const auto& cert : certs) {
auto parsed = ParsedCertificate::Create(
bssl::UpRef(cert->cert_buffer()),
x509_util::DefaultParseCertificateOptions(), /*errors=*/nullptr);
if (parsed) {
results->push_back(parsed);
certs_ok = true;
}
}
if (certs_ok)
return true;

// TODO(https://crbug.com/870359): Some AIA responses are served as PEM, which
// is not part of RFC 5280's profile.
return ParseCertFromDer(fetched_bytes, results) ||
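Review bot: `X509Certificate::FORMAT_AUTO` in the added `CreateCertificateListFromBytes` call accepts more than the "Handles PKCS#7" comment says: as far as I know it also tries a single DER certificate and a PEM sequence, so the `ParseCertFromDer` fallback and the PEM TODO below are reached only when nothing parsed, and the accepted AIA formats are no longer pinned to what the RFC 5280 comment describes. If only certs-only CMS is meant here, narrow the call to `fetched_bytes, X509Certificate::FORMAT_PKCS7);`. The AIA body is unauthenticated network data, and unlike the single-certificate path this loop appends every certificate in the bundle to `results`; nothing visible in the hunk bounds that count, so consider a cap before `results->push_back(parsed)`, and passing a `CertErrors` instead of `/*errors=*/nullptr` would keep partially rejected bundles diagnosable. `AddCompletedFetchToResults` begins and ends outside the hunk, so a limit applied elsewhere cannot be ruled out from here.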