diff --git a/configure.ac b/configure.ac
index 7dee4d140..63a47696e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -6,7 +6,7 @@
 #
 #
 
-AC_INIT([cyassl],[2.1.5],[http://www.yassl.com])
+AC_INIT([cyassl],[2.1.7],[http://www.yassl.com])
 
 AC_CONFIG_AUX_DIR(config)
 
diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 728241f4f..8e993ef13 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -4520,8 +4520,9 @@ static int GetBasicDate(const byte* source, word32* idx, byte* date, int maxIdx)
 static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
                       int maxIdx)
 {
-    int  len;
-    byte b;
+    int    len;
+    word32 end;
+    byte   b;
     RevokedCert* rc;
 
     CYASSL_ENTER("GetRevoked");
@@ -4529,6 +4530,8 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
     if (GetSequence(buff, idx, &len, maxIdx) < 0)
         return ASN_PARSE_E;
 
+    end = *idx + len;
+
     /* get serial number */
     b = buff[*idx];
     *idx += 1;
@@ -4577,6 +4580,9 @@ static int GetRevoked(const byte* buff, word32* idx, DecodedCRL* dcrl,
     /* skip for now */
     *idx += len;
 
+    if (*idx != end)  /* skip extensions */
+        *idx = end;
+
     return 0;
 }