Merge pull request #7388 from JacobBarthelmeh/x509_cases

check for critical policy extension when not supported
2024-04-05 15:59:03 -04:00
parent 7d66cc46ff 983616afa0
commit a518f493b5
1 changed files with 7 additions and 1 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -21121,7 +21121,13 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid,
                ret = ASN_PARSE_E;
            }
        #else
-            WOLFSSL_MSG("Certificate Policy extension not supported yet.");
+            WOLFSSL_MSG("Certificate Policy extension not supported.");
+            #ifndef WOLFSSL_NO_ASN_STRICT
+            if (critical) {
+                WOLFSSL_ERROR_VERBOSE(ASN_CRIT_EXT_E);
+                ret = ASN_CRIT_EXT_E;
+            }
+            #endif
        #endif
            break;