| X509_CRL_print(bio, crl); | ||
| BIO_free(bio); | ||
|
|
||
| if (bio != NULL) { | ||
| X509_CRL_print(bio, crl); | ||
| BIO_free(bio); | ||
| } |
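Review bot: the `if (bio != NULL)` guard has no else branch, so when `bio` is NULL the CRL is silently not printed and nothing reports why. Consider reporting the failure in that case, with a log line or an error return, whichever the surrounding function uses. Only `X509_CRL_print(bio, crl);` strictly needs the guard, since OpenSSL's `BIO_free` accepts a NULL argument, though keeping both calls inside the braces is fine for readability.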
Can't valid ASN1 encode NULL values in CRL (as already checked for on line 30) meaning in the case bio == NULL we actually want to 'CRL_print' an odd but valid NULL representation (like \0 for echo -e) ... I'd expect the crl ASN1 length to be more indicative of whether there is a "NULL" value here or an odd but valid value, especially after the crl passed the check of != NULL indicating at least a tag and length are present to parse (even if e.g., T<crl>:0:<NULL> the NULL content should not be considered part of the CRL value as the length is 0) thus I'd expect a zero-length check before a null-value check. Am I just missing something? If so, what am I missing here?
Although it's technically legal to encode a NULL, why would a NULL make sense in a certificate revocation list? It doesn't mean anything since it doesn't name any revoked certificates. I think handling this as an error in the CRL is OK.