2 Replies Latest reply on Apr 13, 2015 11:10 PM by Stuck Mojo

    OCSP in DSS seems to be invalid and may crash Acrobat

    Stuck Mojo Level 2

      Hi there!

       

      I'm currently facing some problems when we try to add a DSS to a timestamped document. Afterwards the timestamp is not marked as LTV in Acrobat and if we try to re-add the verification data via Acrobat it crashes. You can find the document in question here.

      If I add the verification data to the initial version of the file via Acrobat, there's no problem.

       

      I compared the DSS structure (actually I didn't left the Certs in the VRI entry which is done by Acrobat but this didn't makes a difference to the actual situation) and the OCSP response in detail and noticed that there's only a single strange difference:

      ocsp-diff.png

      This part represents the nonce extension in two ocsp responses (left by Acrobat - working, right by a webservice - not working). The extnValue isn't a valid ASN.1 structure which makes me thinks that this is the problem? The webservice/nonce in the request is out of our scope so I cannot play with this. I just want to ask if anybody can confirm that this little nonce value will let Acrobat crash and will ignore the response completely?

       

      Any comment is welcome!

       

      Thanks

      Jan