Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add two missing entries to the OCSP CRLReason table #21743

Closed
wants to merge 1 commit into from
Closed

Add two missing entries to the OCSP CRLReason table #21743

wants to merge 1 commit into from

Conversation

robstradling
Copy link
Contributor

This PR adds two CRLReasons (privilegeWithdrawn and aACompromise) that are missing from reason_tbl in OCSP_crl_reason_str() (crypto/ocsp/ocsp_prn.c) but present in https://datatracker.ietf.org/doc/html/rfc5280#section-5.3.1.

These two CRLReasons were absent in https://datatracker.ietf.org/doc/html/rfc2459#section-5.3.1 and X.509 (08/97), which is presumably why they were missing from ocsp_prn.c. Interestingly though, the corresponding #defines do already exist (in include/openssl/ocsp.h.in).

The use of reason codes in CRL entries and OCSP responses has increased amongst WebPKI CAs recently, and I'm aware of several people that have been confused by the missing privilegeWithdrawn entry (that this PR adds) when using "openssl ocsp" to print OCSP responses.

@robstradling
Copy link
Contributor Author

Example behaviour without this PR:

    Cert Status: revoked
    Revocation Time: Aug 15 12:24:46 2023 GMT
    Revocation Reason: (UNKNOWN) (0x9)
    This Update: Aug 15 12:24:46 2023 GMT
    Next Update: Aug 22 12:24:45 2023 GMT

Example behaviour with this PR:

    Cert Status: revoked
    Revocation Time: Aug 15 12:24:46 2023 GMT
    Revocation Reason: privilegeWithdrawn (0x9)
    This Update: Aug 15 12:24:46 2023 GMT
    Next Update: Aug 22 12:24:45 2023 GMT

@t8m t8m added branch: master Merge to master branch approval: review pending This pull request needs review by a committer approval: otc review pending This pull request needs review by an OTC member triaged: feature The issue/pr requests/adds a feature labels Aug 15, 2023
@t8m
Copy link
Member

t8m commented Aug 15, 2023

Could you please submit a CLA? https://www.openssl.org/policies/cla.html
Or, alternatively, this could be acceptable with CLA: trivial. So if you could amend the commit message to put CLA: trivial on a separate line in the commit message body, that would also work.

@t8m t8m added hold: cla required The contributor needs to submit a license agreement tests: exempted The PR is exempt from requirements for testing labels Aug 15, 2023
@robstradling
Copy link
Contributor Author

Or, alternatively, this could be acceptable with CLA: trivial. So if you could amend the commit message to put CLA: trivial on a separate line in the commit message body, that would also work.

Done.

@t8m
Copy link
Member

t8m commented Aug 16, 2023

Done.

It seems it did not work. There needs to be an empty line between the first line of the message (subject line) and the rest of the message - this is a body of the message.

@t8m
Copy link
Member

t8m commented Aug 16, 2023

OK with CLA: trivial

@t8m t8m added cla: trivial One of the commits is marked as 'CLA: trivial' and removed hold: cla required The contributor needs to submit a license agreement approval: otc review pending This pull request needs review by an OTC member labels Aug 16, 2023
@robstradling
Copy link
Contributor Author

Done.

It seems it did not work. There needs to be an empty line between the first line of the message (subject line) and the rest of the message - this is a body of the message.

Ah, sorry about that. Empty line added.

@hlandau hlandau added approval: done This pull request has the required number of approvals and removed approval: review pending This pull request needs review by a committer labels Aug 17, 2023
@openssl-machine openssl-machine added approval: ready to merge The 24 hour grace period has passed, ready to merge and removed approval: done This pull request has the required number of approvals labels Aug 18, 2023
@openssl-machine
Copy link
Collaborator

This pull request is ready to merge

@levitte
Copy link
Member

levitte commented Aug 18, 2023

Merged

1c8a7f5 Add two missing entries to the OCSP CRLReason table

openssl-machine pushed a commit that referenced this pull request Aug 18, 2023
@robstradling @levitte
Add two missing entries to the OCSP CRLReason table
1c8a7f5 
CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #21743)
@levitte levitte closed this Aug 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hlandau hlandau hlandau approved these changes

@t8m t8m t8m approved these changes

Assignees
No one assigned
Labels
approval: ready to merge The 24 hour grace period has passed, ready to merge branch: master Merge to master branch cla: trivial One of the commits is marked as 'CLA: trivial' tests: exempted The PR is exempt from requirements for testing triaged: feature The issue/pr requests/adds a feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@robstradling @t8m @openssl-machine @levitte @hlandau