From 5c721f98fd7cd99522a1fe512a479e322ab9fd2f Mon Sep 17 00:00:00 2001
From: Paul Bakker
Date: Wed, 27 Jul 2011 16:51:09 +0000
Subject: [PATCH] - Introduced
POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing
when encountering a critical flag that's not supported by PolarSSL - Minor
Fix in ASN.1 comments of PrivateKeyInfo
---
include/polarssl/config.h | 11 +++++++++++
library/x509parse.c | 3 +++
2 files changed, 14 insertions(+)
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 5f5cefe58c..61500a75ee 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -180,6 +180,17 @@
* Enable the checkup functions (*_self_test).
*/
#define POLARSSL_SELF_TEST
+
+/**
+ * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * Uncomment to prevent an error.
+ *
+#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ */
/* \} name */
/**
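Review bot: The new doc block for POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION does not say what is given up when the flag is set. RFC 5280 (section 4.2) requires a certificate-using system to reject a certificate that carries a critical extension it does not recognise, so enabling the flag makes the parser accept certificates whose issuer-imposed restrictions it cannot evaluate. I would replace `Uncomment to prevent an error.` with something like `Warning: this departs from RFC 5280; enable only when certificates are parsed for inspection, not when they are verified for trust.` The matching `#if` in x509_get_crt_ext (library/x509parse.c) would benefit from a one-line pointer back to this description.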
diff --git a/library/x509parse.c b/library/x509parse.c
index 874cf0bb18..58399eb484 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -1013,12 +1013,14 @@ static int x509_get_crt_ext( unsigned char **p,
/* No parser found, skip extension */
*p = end_ext_octet;
+#if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
{
/* Data is marked as critical: fail */
return ( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
}
+#endif
}
}
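Review bot: With the macro defined, the path after `*p = end_ext_octet;` skips an unsupported critical extension and continues exactly as for a non-critical one, so nothing visible here lets a caller tell afterwards that a critical extension was ignored. Because the switch is compile-time, it applies to every certificate the library parses, presumably including those later used in chain verification. Consider recording the event in the `#else` case, for example a marker on the parsed certificate if the structure has room, so that verification code can still refuse it. At minimum add a comment such as `/* unsupported critical extension skipped: result must not be relied on for trust decisions */`. The body of x509_get_crt_ext starts and ends outside the hunk, so the surrounding loop is not visible.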
@@ -1916,6 +1918,7 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
* PrivatKeyInfo object (PKCS#8) or a RSAPrivateKey (PKCS#1) directly.
*
* PrivateKeyInfo ::= SEQUENCE {
+ * version Version,
* algorithm AlgorithmIdentifier,
* PrivateKey BIT STRING
* }
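Review bot: The ASN.1 comment still declares `PrivateKey BIT STRING`, while PKCS#8 defines the privateKey field of PrivateKeyInfo as an OCTET STRING; with `version Version,` now added, that is the remaining mismatch in the structure. I would change the line to `PrivateKey OCTET STRING` and fix the spelling `PrivatKeyInfo` to `PrivateKeyInfo` on the line above the structure. The comment and the body of x509parse_key continue outside the hunk, so whether the code reads the field as an octet string cannot be confirmed from here.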