sysadmin/ipxe - ipxe - codex.r10x.net

mirror of https://github.com/ipxe/ipxe synced 2026-01-28 11:44:14 +03:00

Go to file

Michael Brown 3f637d7462 [ocsp] Accept SHA1 certID responses even if SHA1 is not enabled

Various implementation quirks in OCSP servers make it impractical to
use anything other than SHA1 to construct the issuerNameHash and
issuerKeyHash identifiers in the request certID.  For example: both
the OpenCA OCSP responder used by ipxe.org and the Boulder OCSP
responder used by LetsEncrypt will fail if SHA256 is used in the
request certID.

As of commit 6ffe28a ("[ocsp] Accept response certID with missing
hashAlgorithm parameters") we rely on asn1_digest_algorithm() to parse
the algorithm identifier in the response certID.  This will fail if
SHA1 is disabled via config/crypto.h.

Fix by using a direct ASN.1 object comparison on the OID within the
algorithm identifier.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

2020-06-25 13:04:54 +01:00

contrib

[coverity] Override assumptions about wcrtomb() and hmac_init()

2019-08-17 17:18:54 +01:00

src

[ocsp] Accept SHA1 certID responses even if SHA1 is not enabled

2020-06-25 13:04:54 +01:00

.travis.yml

[travis] Ensure that most recent tag is always available

2020-01-03 00:14:03 +01:00

COPYING

[legal] Update GPLv2 licence text

2015-02-26 17:59:53 +00:00

COPYING.GPLv2

[legal] Update GPLv2 licence text

2015-02-26 17:59:53 +00:00

COPYING.UBDL

[legal] Add support for the Unmodified Binary Distribution Licence

2015-03-02 12:07:14 +00:00

README

[doc] Re-add README file

2010-05-28 00:03:47 +01:00

README

iPXE README File

Quick start guide:

   cd src
   make

For any more detailed instructions, see http://ipxe.org

Languages

C 97.3%

Assembly 1.5%

Perl 0.6%

Makefile 0.3%

Python 0.2%