diff options
| author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2022-11-03 03:18:17 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-03 03:18:17 +0300 |
| commit | 3cda7e844ad8b98ea1a718bf2a2a0ceade1c2485 (patch) | |
| tree | e10a85f120d22a56433c5f137ab12e011e6f22df | |
| parent | 4c3001dca2c75b14cb36995e7537c46826ad558e (diff) | |
Fix OCSP test responder to omit fractional seconds (#77437)
Co-authored-by: Kevin Jones <kevin@vcsjones.com>
| -rw-r--r-- | src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs b/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs index e85100aeb71..075ea2e8787 100644 --- a/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs +++ b/src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs @@ -566,9 +566,18 @@ SingleResponse ::= SEQUENCE { } else if (status == CertStatus.Revoked) { - // Android does not support all precisions for seconds - just omit fractional seconds for testing on Android writer.PushSequence(s_context1); - writer.WriteGeneralizedTime(revokedTime, omitFractionalSeconds: OperatingSystem.IsAndroid()); + + // Fracational seconds "MUST NOT" be used here. Android and macOS 13+ enforce this and + // reject GeneralizedTime's with fractional seconds, so omit them. + // RFC 6960: 4.2.2.1: + // The format for GeneralizedTime is as specified in Section 4.1.2.5.2 of [RFC5280]. + // RFC 5280 4.1.2.5.2: + // For the purposes of this profile, GeneralizedTime values MUST be + // expressed in Greenwich Mean Time (Zulu) and MUST include seconds + // (i.e., times are YYYYMMDDHHMMSSZ), even where the number of seconds + // is zero. GeneralizedTime values MUST NOT include fractional seconds. + writer.WriteGeneralizedTime(revokedTime, omitFractionalSeconds: true); writer.PopSequence(s_context1); } else |