From 87c96c2e53023d9aeeaeb8257ca66e01fe64ab6f Mon Sep 17 00:00:00 2001 From: Jonathan Leroy Date: Wed, 14 Oct 2015 09:41:56 +0200 Subject: [PATCH] Fix boolean values according to DER specs In BER encoding, any boolean with a non-zero value is considered as TRUE. However, DER encoding requires a value of 255 (0xFF) for TRUE. This commit makes the `mbedtls_asn1_write_bool` function use `255` instead of `1` for BOOLEAN values. With this fix, boolean values are now recognized by OS X keychain (tested on OS X 10.11). Fixes #318. --- library/asn1write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/asn1write.c b/library/asn1write.c index dd5a7455ee..849e8c1684 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -191,7 +191,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea if( *p - start < 1 ) return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); - *--(*p) = (boolean) ? 1 : 0; + *--(*p) = (boolean) ? 255 : 0; len++; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
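Review bot: On the changed line `*--(*p) = (boolean) ? 255 : 0;`, the bare decimal 255 hides that this is the all-ones octet DER mandates for TRUE. Write it as 0xFF, as the commit message already does, and add a one-line comment saying DER requires 0xFF for TRUE so that a later cleanup does not turn it back into 1. The diffstat lists only library/asn1write.c, so nothing in this patch pins the new encoding. A test asserting that a true value is written with content octet FF (and a false value with 00) would guard against regression. The output changes for every caller that writes a BOOLEAN, so any stored or expected encodings produced with the old 0x01 value will no longer match byte for byte and should be regenerated alongside this change.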