ocsp: fix default value of Version in ResponseData

The ASN.1 specification of `ResponseData` is:

    ResponseData ::= SEQUENCE {
        version             [0] EXPLICIT Version DEFAULT v1,
        responderID         ResponderID,
        producedAt          GeneralizedTime,
        responses           SEQUENCE OF SingleResponse,
        responseExtensions  [1] EXPLICIT Extensions OPTIONAL }

Where `Version` is:

    Version ::= INTEGER { v1(0) }

An invalid default value results in the presence of a field that otherwise
should not be present.

See: https://github.com/openssl/openssl/issues/1297
Fixes: golang/#16321
Change-Id: Ibb065a67624e1877cfbe62e0483d781d783f74f0
Reviewed-on: https://go-review.googlesource.com/24841
Reviewed-by: Adam Langley <agl@golang.org>
diff --git a/ocsp/ocsp.go b/ocsp/ocsp.go
index 91004ac..09367c0 100644
--- a/ocsp/ocsp.go
+++ b/ocsp/ocsp.go
@@ -114,7 +114,7 @@
type responseData struct {
Raw asn1.RawContent
- Version int `asn1:"optional,default:1,explicit,tag:0"`
+ Version int `asn1:"optional,default:0,explicit,tag:0"`
RawResponderName asn1.RawValue `asn1:"optional,explicit,tag:1"`
KeyHash []byte `asn1:"optional,explicit,tag:2"`
ProducedAt time.Time `asn1:"generalized"`
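Review bot: the changed `Version` line in `responseData` has no regression test in the visible diff, so nothing stops the tag from drifting back to `default:1`. Consider adding a test that marshals a response with the zero `Version` and asserts the encoded `ResponseData` contains no `[0]` element, plus a parse of a response that omits the field with a check that `Version` comes back as 0. A short comment on the field noting that `v1` is the integer 0 per `Version ::= INTEGER { v1(0) }` would also help, since `default:0` is easy to misread as a mistake for "version 1".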