------------------------------------------------------------
revno: 13183
revision-id: squid3@treenet.co.nz-20141030150239-uzhhottttodgfuri
parent: squid3@treenet.co.nz-20141030150059-4axyu368gypa4bja
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4102
author: Christos Tsantilas
committer: Amos Jeffries
branch nick: 3.4
timestamp: Thu 2014-10-30 08:02:39 -0700
message:
Bug 4102: sslbump cert contains only a dot character in key usage extension The patch for bug 3966 was slightly incorrect. As a result the Key Usage field for SSL-bump mimic'ed certificates could end up containing only a dot (.) character.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20141030150239-uzhhottttodgfuri
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# testament_sha1: 0cf5e680415dd81c86897163cd29a18dc38410ac
# timestamp: 2014-10-30 15:03:35 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# base_revision_id: squid3@treenet.co.nz-20141030150059-\
# 4axyu368gypa4bja
#
# Begin patch
=== modified file 'src/ssl/gadgets.cc'
--- src/ssl/gadgets.cc 2014-08-26 16:22:01 +0000
+++ src/ssl/gadgets.cc 2014-10-30 15:02:39 +0000
@@ -297,7 +297,21 @@
 if ((ext = X509_get_ext(cert.get(), p)) != NULL) {
 ASN1_BIT_STRING *keyusage = (ASN1_BIT_STRING *)X509V3_EXT_d2i(ext);
 ASN1_BIT_STRING_set_bit(keyusage, KeyEncipherment, 1);
- X509_EXTENSION_set_data( ext, (ASN1_OCTET_STRING*)keyusage );
+
+ //Build the ASN1_OCTET_STRING
+ const X509V3_EXT_METHOD *method = X509V3_EXT_get(ext);
+ assert(method && method->it);
+ unsigned char *ext_der = NULL;
+ int ext_len = ASN1_item_i2d((ASN1_VALUE *)keyusage,
+ &ext_der,
+ (const ASN1_ITEM *)ASN1_ITEM_ptr(method->it));
+
+ ASN1_OCTET_STRING *ext_oct = M_ASN1_OCTET_STRING_new();
+ ext_oct->data = ext_der;
+ ext_oct->length = ext_len;
+ X509_EXTENSION_set_data(ext, ext_oct);
+
+ M_ASN1_OCTET_STRING_free(ext_oct);
 ASN1_BIT_STRING_free(keyusage);
 }
 }
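Review bot: The results of `ASN1_item_i2d()` and `M_ASN1_OCTET_STRING_new()` are used unchecked in the added lines, so an encoding failure (a non-positive `ext_len` with `ext_der` still NULL) stores a bogus length on the octet string, and an allocation failure is dereferenced at `ext_oct->data`. This code rewrites the Key Usage extension of what the commit message calls a mimicked certificate, so these failure paths deserve explicit handling; the `assert(method && method->it)` likewise aborts the process where an error return would presumably be enough, and the return value of `X509_EXTENSION_set_data()` is ignored. The sketch below guards both calls and releases `ext_der` when no octet string takes ownership of it. The enclosing function starts and ends outside the hunk, so how a failure should be reported to the caller is not visible here and is left as a comment.

```cpp
// … unchanged: method lookup and the ASN1_item_i2d() call that fills ext_der/ext_len …
if (ext_len > 0 && ext_der != NULL) {
    ASN1_OCTET_STRING *ext_oct = M_ASN1_OCTET_STRING_new();
    if (ext_oct != NULL) {
        // … unchanged: set ext_oct->data/length, X509_EXTENSION_set_data(), M_ASN1_OCTET_STRING_free() …
    } else {
        OPENSSL_free(ext_der); // nothing took ownership of the encoded buffer
    }
} else {
    // encoding failed: leave the extension untouched and report the failure to the caller
}
ASN1_BIT_STRING_free(keyusage);
```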