feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

if integer it is valid format with CA = False,

Browse Source
This commit is contained in:
Takashi Kojo
2019-11-14 14:51:58 +09:00
parent 99292158e4
commit dccb2e165e
1 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
wolfcrypt/src/asn.c
View File

@ -7175,19 +7175,24 @@ static int DecodeBasicCaConstraint(const byte* input, int sz, DecodedCert* cert)
/* If the basic ca constraint is false, this extension may be named, but /* If the basic ca constraint is false, this extension may be named, but
* left empty. So, if the length is 0, just return. */ * left empty. So, if the length is 0, just return. */
/* For OpenSSL compatibility, if ASN_INTEGER do nothing */
#ifdef WOLFSSL_X509_BASICCONS_INT
if (input[idx] == ASN_INTEGER)
return 0;
#endif
ret = GetBoolean(input, &idx, sz); ret = GetBoolean(input, &idx, sz);
#ifndef WOLFSSL_X509_BASICCONS_INT
if (ret < 0) { if (ret < 0) {
WOLFSSL_MSG("\tfail: constraint not valid BOOLEAN"); WOLFSSL_MSG("\tfail: constraint not valid BOOLEAN");
return ret; return ret;
} }
cert->isCA = (byte)ret; cert->isCA = (byte)ret;
#else
if (ret < 0) {
if(input[idx] == ASN_INTEGER) {
/* For OpenSSL compatibility, if ASN_INTEGER it is valid format */
cert->isCA = FALSE;
} else return ret;
} else
cert->isCA = (byte)ret;
#endif
/* If there isn't any more data, return. */ /* If there isn't any more data, return. */
if (idx >= (word32)sz) { if (idx >= (word32)sz) {