feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

error to have v1 or v2 certificates with extensions

Browse Source
This commit is contained in:
John Safranek
2014-03-28 11:25:05 -07:00
parent b5a27b0f41
commit 1f3bc9263d
1 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
ctaocrypt/src/asn.c
View File

@ -3594,13 +3594,18 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
CYASSL_MSG("Parsed Past Key"); CYASSL_MSG("Parsed Past Key");
if (cert->srcIdx != cert->sigIndex) { if (cert->srcIdx < cert->sigIndex) {
if (cert->srcIdx < cert->sigIndex) { #ifndef ALLOW_V1_EXTENSIONS
/* save extensions */ if (cert->version < 2) {
cert->extensions = &cert->source[cert->srcIdx]; CYASSL_MSG(" v1 and v2 certs not allowed extensions");
cert->extensionsSz = cert->sigIndex - cert->srcIdx; return ASN_VERSION_E;
cert->extensionsIdx = cert->srcIdx; /* for potential later use */ }
} #endif
/* save extensions */
cert->extensions = &cert->source[cert->srcIdx];
cert->extensionsSz = cert->sigIndex - cert->srcIdx;
cert->extensionsIdx = cert->srcIdx; /* for potential later use */
if ((ret = DecodeCertExtensions(cert)) < 0) { if ((ret = DecodeCertExtensions(cert)) < 0) {
if (ret == ASN_CRIT_EXT_E) if (ret == ASN_CRIT_EXT_E)
criticalExt = ret; criticalExt = ret;