diff options
author | Rich Salz <rsalz@openssl.org> | 2016-10-22 03:53:47 -0400 |
---|---|---|
committer | Rich Salz <rsalz@openssl.org> | 2016-10-22 03:53:47 -0400 |
commit | 3ade92e785bb3777c92332f88e23f6ce906ee260 (patch) | |
tree | a1cd3880b5be3e2f3c9a4e6cd63ebb7e6e4622f8 /crypto/asn1 | |
parent | 45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5 (diff) |
Correctly find all critical CRL extensions
Unhandled critical CRL extensions were not detected if they appeared
after the handled ones. (GitHub issue 1757). Thanks to John Chuah
for reporting this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1769)
Diffstat (limited to 'crypto/asn1')
-rw-r--r-- | crypto/asn1/x_crl.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c index 027950330d..c78ded89ef 100644 --- a/crypto/asn1/x_crl.c +++ b/crypto/asn1/x_crl.c @@ -254,6 +254,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) { int nid; + ext = sk_X509_EXTENSION_value(exts, idx); nid = OBJ_obj2nid(ext->object); if (nid == NID_freshest_crl) @@ -263,7 +264,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, if ((nid == NID_issuing_distribution_point) || (nid == NID_authority_key_identifier) || (nid == NID_delta_crl)) - break;; + continue; crl->flags |= EXFLAG_CRITICAL; break; } |