Add a build flag ASN_TEMPLATE_SKIP_ISCA_CHECK to optionally skip the isCa != false check.

2023-09-07 15:23:52 -07:00
parent 7d85e390a9
commit 8e40130003
1 changed files with 2 additions and 0 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -18584,10 +18584,12 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
    if ((ret == 0) && (dataASN[BASICCONSASN_IDX_SEQ].length != 0)) {
        /* Bad encoding when CA Boolean is false
         * (default when not present). */
+#ifndef ASN_TEMPLATE_SKIP_ISCA_CHECK
        if ((dataASN[BASICCONSASN_IDX_CA].length != 0) && (!isCA)) {
            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);
            ret = ASN_PARSE_E;
        }
+#endif
        /* Path length must be a 7-bit value. */
        if ((ret == 0) && (cert->pathLength >= (1 << 7))) {
            WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E);