Support faulty X509 v1 certificates with extensions

(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2025-07-30 22:43:08 +03:00 · 2013-09-23 15:01:36 +02:00
parent 15b9b3a7e0
commit c27c4e2efb
5 changed files with 44 additions and 0 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -660,6 +660,17 @@
 */
 #define POLARSSL_SSL_TRUNCATED_HMAC

+/**
+ * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an extension in a v1 or v2 certificate.
+ *
+ * Uncomment to prevent an error.
+ *
+#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
+ */
+
 /**
 * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 *