Skip to content

Commit

Permalink
Fix boolean values according to DER specs
Browse files Browse the repository at this point in the history 
In BER encoding, any boolean with a non-zero value is considered as
TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE.

This commit makes `mbedtls_asn1_write_bool` function uses `255` instead
of `1` for BOOLEAN values.

With this fix, boolean values are now reconized by OS X keychain (tested
on OS X 10.11).

Fixes #318.
  • Loading branch information
@jleroy @mpg
jleroy authored and mpg committed Nov 1, 2015
1 parent 3dd85dd commit 00c6b3c
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion library/asn1write.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea
if( *p - start < 1 )
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );

*--(*p) = (boolean) ? 1 : 0;
*--(*p) = (boolean) ? 255 : 0;
len++;

MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
Expand Down

0 comments on commit 00c6b3c

Please sign in to comment.