Commit 5c721f98 authored by Paul Bakker's avatar Paul Bakker
Browse files

- Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to...

 - Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
 - Minor Fix in ASN.1 comments of PrivateKeyInfo
parent 09b1ec68
......@@ -180,6 +180,17 @@
* Enable the checkup functions (*_self_test).
*/
#define POLARSSL_SELF_TEST
/**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
* If set, the X509 parser will not break-off when parsing an X509 certificate
* and encountering an unknown critical extension.
*
* Uncomment to prevent an error.
*
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/
/* \} name */
/**
......
......@@ -1013,12 +1013,14 @@ static int x509_get_crt_ext( unsigned char **p,
/* No parser found, skip extension */
*p = end_ext_octet;
#if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
{
/* Data is marked as critical: fail */
return ( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
}
#endif
}
}
......@@ -1916,6 +1918,7 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
* PrivatKeyInfo object (PKCS#8) or a RSAPrivateKey (PKCS#1) directly.
*
* PrivateKeyInfo ::= SEQUENCE {
* version Version,
* algorithm AlgorithmIdentifier,
* PrivateKey BIT STRING
* }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment