Skip to content

Commit dd4ea75

Browse files
Fix OCSP test responder to omit fractional seconds (#77438)
Co-authored-by: Kevin Jones <[email protected]>
1 parent 9c8064d commit dd4ea75

File tree

1 file changed

+11
-2
lines changed

1 file changed

+11
-2
lines changed

src/libraries/Common/tests/System/Security/Cryptography/X509Certificates/CertificateAuthority.cs

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -517,9 +517,18 @@ singleExtensions [1] EXPLICIT Extensions OPTIONAL }
517517
}
518518
else if (status == CertStatus.Revoked)
519519
{
520-
// Android does not support all precisions for seconds - just omit fractional seconds for testing on Android
521520
writer.PushSequence(s_context1);
522-
writer.WriteGeneralizedTime(revokedTime, omitFractionalSeconds: OperatingSystem.IsAndroid());
521+
522+
// Fracational seconds "MUST NOT" be used here. Android and macOS 13+ enforce this and
523+
// reject GeneralizedTime's with fractional seconds, so omit them.
524+
// RFC 6960: 4.2.2.1:
525+
// The format for GeneralizedTime is as specified in Section 4.1.2.5.2 of [RFC5280].
526+
// RFC 5280 4.1.2.5.2:
527+
// For the purposes of this profile, GeneralizedTime values MUST be
528+
// expressed in Greenwich Mean Time (Zulu) and MUST include seconds
529+
// (i.e., times are YYYYMMDDHHMMSSZ), even where the number of seconds
530+
// is zero. GeneralizedTime values MUST NOT include fractional seconds.
531+
writer.WriteGeneralizedTime(revokedTime, omitFractionalSeconds: true);
523532
writer.PopSequence(s_context1);
524533
}
525534
else

0 commit comments

Comments
 (0)