Correctly find all critical CRL extensions

Unhandled critical CRL extensions were not detected if they appeared
after the handled ones.  (GitHub issue 1757).  Thanks to John Chuah
for reporting this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1769)
Rich Salz 2016-10-22 03:53:47 -04:00
parent 45f4761fdb
commit 3ade92e785

@ -254,6 +254,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
int nid;
ext = sk_X509_EXTENSION_value(exts, idx);
nid = OBJ_obj2nid(ext->object);
if (nid == NID_freshest_crl)
@ -263,7 +264,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if ((nid == NID_issuing_distribution_point)
|| (nid == NID_authority_key_identifier)
|| (nid == NID_delta_crl))
break;;
continue;
crl->flags |= EXFLAG_CRITICAL;
break;
}
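Review bot: The `continue;` that replaces `break;;` after the `NID_issuing_distribution_point` / `NID_authority_key_identifier` / `NID_delta_crl` test carries no comment and the diff shown here carries no regression test, so the ordering dependence this fixes can come back unnoticed. Please add a one-line comment at that statement saying that handled extensions are skipped so the scan reaches later entries, and a test CRL that lists an unrecognized critical extension after one of the three handled ones and asserts that `EXFLAG_CRITICAL` ends up set in `crl->flags`. The `break;` after `crl->flags |= EXFLAG_CRITICAL;` is fine to keep, since one unhandled critical extension is enough to set the flag.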