Skip to content

Commit

Permalink
Fix boolean values according to DER specs
Browse files Browse the repository at this point in the history 
In BER encoding, any boolean with a non-zero value is considered as
TRUE. However, DER encoding require a value of 255 (0xFF) for TRUE.

This commit makes `mbedtls_asn1_write_bool` function uses `255` instead
of `1` for BOOLEAN values.

With this fix, boolean values are now reconized by OS X keychain (tested
on OS X 10.11).

Fixes #318.
  • Loading branch information
@jleroy @mpg
jleroy authored and mpg committed Oct 27, 2015
1 parent c4baf98 commit b76e436
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion library/asn1write.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,7 @@ int asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
if( *p - start < 1 )
return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );

*--(*p) = (boolean) ? 1 : 0;
*--(*p) = (boolean) ? 255 : 0;
len++;

ASN1_CHK_ADD( len, asn1_write_len( p, start, len ) );
Expand Down

0 comments on commit b76e436

Please sign in to comment.