fixup

ocsp/ocsp.go

@@ -115,6 +115,13 @@ type basicResponse struct {
 	Certificates       []asn1.RawValue `asn1:"explicit,tag:0,optional"`
 }
 
+type basicResponseRawTBS struct {
+	TBSResponseData    asn1.RawValue
+	SignatureAlgorithm pkix.AlgorithmIdentifier
+	Signature          asn1.BitString
+	Certificates       []asn1.RawValue `asn1:"explicit,tag:0,optional"`
+}
+
 type responseData struct {
 	Raw            asn1.RawContent
 	Version        int `asn1:"optional,default:0,explicit,tag:0"`
@@ -428,24 +435,12 @@ func (resp *Response) CheckSignatureFrom(issuer *x509.Certificate) error {
 // Marshal marshals the OCSP response to ASN.1 DER encoded form
 func (resp *Response) Marshal() ([]byte, error) {
 
-	var tbsResponseData responseData
-
-	rest, err := asn1.Unmarshal(resp.TBSResponseData, &tbsResponseData)
-
-	if len(rest) != 0 {
-		return nil, errors.New("trailing data in resp.TBSResponseData")
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
 	signatureAlgorithm, err := signingParamsForAlgo(resp.SignatureAlgorithm)
 	if err != nil {
 		return nil, err
 	}
-	response := basicResponse{
-		TBSResponseData:    tbsResponseData,
+	response := basicResponseRawTBS{
+		TBSResponseData:    asn1.RawValue{FullBytes: resp.TBSResponseData},
 		SignatureAlgorithm: signatureAlgorithm,
 		Signature: asn1.BitString{
 			Bytes:     resp.Signature,