Bug 340776 documents an OCSP response that includes an empty OPTIONAL SEQUENCE-OF. Our QuickDER decoder did not detect it and report it as invalid DER. Our encoder correctly re-encoded the response without the optional. That is, the optional part was omitted because it was empty. We detected the invalid DER response because we compared the input to the decoder with the output of the encoder, and they did not match. IMO, the QuickDER decoder should at least have an option to detect these errors. Perhaps we will at times wish to ignore these errors, but that should be the optional behavior, not the default.
Priority: -- → P2
Target Milestone: --- → 3.11.3
Maybe Bug 340776 isn't such a good example. Perhaps it wasn't empty after all. But I believe this RFE is still valid. I don't think any of our ASN.1 decoders detects an empty optional.
Actually a SEQUENCE OF is allowed to have zero elements in the general case. This is valid to encode and decode. Some ASN.1 structures may be constrained in size and require a minimum or maximum of elements, which our templates are currently unable to express, and thus the decoders/encoders don't enforce it. Thus, I think this bug may be invalid.
Upon rereading X.690, I cannot find any rule that requires empty optional values to be omitted. So, I must reluctantly mark this invalid. :(
Status: NEW → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → INVALID
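The thread notes that an empty SEQUENCE OF is valid DER and that only a per-structure size constraint, which the templates cannot express, would make it an error. The following is an added example, not NSS or QuickDER code: a small DER walker that counts the elements of a SEQUENCE OF and applies a caller-supplied minimum and maximum. The function names, result codes and sample bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example; result codes are hypothetical names, not NSS identifiers. */
enum { SEQ_BAD_DER = -1, SEQ_TOO_FEW = -2, SEQ_TOO_MANY = -3 };

/* Constructed samples: an empty SEQUENCE OF, and one holding two INTEGERs. */
static const uint8_t EMPTY_SEQ[] = { 0x30, 0x00 };
static const uint8_t TWO_INTS[]  = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x02 };

/* Read a DER header at buf[*pos]: single-byte tag, minimal definite length.
 * On success *pos is at the content and *len fits in the buffer. */
static int der_header(const uint8_t *buf, size_t n, size_t *pos,
                      uint8_t *tag, size_t *len) {
    if (n - *pos < 2) return -1;
    *tag = buf[(*pos)++];
    if ((*tag & 0x1f) == 0x1f) return -1;       /* multi-byte tag: unsupported */
    size_t k = buf[(*pos)++], v = 0;
    if (k < 0x80) { *len = k; return (k <= n - *pos) ? 0 : -1; }
    k &= 0x7f;                                  /* long form: k length octets */
    if (k == 0 || k > 4 || n - *pos < k || buf[*pos] == 0) return -1;
    while (k--) v = (v << 8) | buf[(*pos)++];
    if (v < 0x80) return -1;                    /* short form was required */
    *len = v;
    return (v <= n - *pos) ? 0 : -1;
}

/* Count the elements of the SEQUENCE OF in buf[0..n) and enforce
 * SIZE (min..max). Returns the count, or one of the negative codes. */
long seq_of_check(const uint8_t *buf, size_t n, long min, long max) {
    size_t pos = 0, len;
    uint8_t tag;
    long count = 0;
    if (der_header(buf, n, &pos, &tag, &len) || tag != 0x30) return SEQ_BAD_DER;
    if (pos + len != n) return SEQ_BAD_DER;     /* trailing bytes */
    while (pos < n) {
        if (der_header(buf, n, &pos, &tag, &len)) return SEQ_BAD_DER;
        pos += len;                             /* skip the element's content */
        count++;
    }
    if (count < min) return SEQ_TOO_FEW;
    return (count > max) ? SEQ_TOO_MANY : count;
}

int main(void) {
    printf("empty, SIZE(0..8): %ld\n", seq_of_check(EMPTY_SEQ, sizeof EMPTY_SEQ, 0, 8));
    printf("empty, SIZE(1..8): %ld\n", seq_of_check(EMPTY_SEQ, sizeof EMPTY_SEQ, 1, 8));
    printf("two,   SIZE(1..8): %ld\n", seq_of_check(TWO_INTS, sizeof TWO_INTS, 1, 8));
    return 0;
}
```

With a minimum of 0 the empty SEQUENCE OF is accepted, matching the general rule stated in the thread; it is rejected only when the caller asks for at least one element.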