From 2d2d2539b4caaeb4d796c421983ca6bf8a77bdde Mon Sep 17 00:00:00 2001
From: stelar7
Date: Wed, 12 Apr 2023 15:05:37 +0200
Subject: [PATCH] LibTLS: Use the TBS ASN.1 data when verifying certificates

---
 Userland/Libraries/LibTLS/TLSv12.cpp | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Userland/Libraries/LibTLS/TLSv12.cpp b/Userland/Libraries/LibTLS/TLSv12.cpp
index caf762f065..6e774cfa68 100644
--- a/Userland/Libraries/LibTLS/TLSv12.cpp
+++ b/Userland/Libraries/LibTLS/TLSv12.cpp
@@ -377,9 +377,7 @@ bool Context::verify_certificate_pair(Certificate const& subject, Certificate co
     auto verification_buffer_bytes = verification_buffer.bytes();
     rsa.verify(subject.signature_value, verification_buffer_bytes);
 
-    // FIXME: This slice is subject hack, this will work for most certificates, but you actually have to parse
-    // the ASN.1 data to correctly extract the signed part of the certificate.
-    ReadonlyBytes message = subject.original_asn1.bytes().slice(4, subject.original_asn1.size() - 4 - (5 + subject.signature_value.size()) - 15);
+    ReadonlyBytes message = subject.tbs_asn1.bytes();
     auto pkcs1 = Crypto::PK::EMSA_PKCS1_V1_5(kind);
     auto verification = pkcs1.verify(message, verification_buffer_bytes, subject.signature_value.size() * 8);
     return verification == Crypto::VerificationConsistency::Consistent;
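Review bot: The added line `ReadonlyBytes message = subject.tbs_asn1.bytes();` assumes the parser populated `tbs_asn1`; if that buffer is empty because the TBSCertificate was never extracted, the PKCS#1 check below silently compares the signature against the digest of an empty message rather than rejecting the certificate for a structural reason. A guard before the new line, `if (subject.tbs_asn1.is_empty()) return false;`, would make that failure explicit, assuming `tbs_asn1` is an `AK::ByteBuffer` like `original_asn1` appears to be from the removed `.bytes()`/`.size()` calls. Since the hunk drops the old FIXME, a one-line replacement comment would help the next reader: `// The signature covers exactly the DER-encoded TBSCertificate, so verify against that rather than an offset into the full certificate.` verify_certificate_pair begins before the hunk and its closing brace lies outside it.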