mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 17:40:50 +02:00
dedba75ad4
DecodeExtensionType() guarded the certificatePolicies duplicate check (VERIFY_AND_SET_OID) under WOLFSSL_SEP only, because the extCertPolicySet tracking bit was SEP-only. In a WOLFSSL_CERT_EXT-without-WOLFSSL_SEP build a cert with two certificatePolicies extensions was accepted and the second silently overwrote the first (RFC 5280 4.2 forbids repeats). Make the bit and the guard available under WOLFSSL_CERT_EXT too, matching every other non-repeatable extension. Add test_DecodeCertExtensions_dup_certpol (DecodeExtensionType now WOLFSSL_TEST_VIS).