projects
/
oweals
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
1d6af3d
)
Fix bug in X509_V_FLAG_IGNORE_CRITICAL CRL handling.
author
Dr. Stephen Henson
<steve@openssl.org>
Thu, 9 Jan 2014 22:47:22 +0000
(22:47 +0000)
committer
Dr. Stephen Henson
<steve@openssl.org>
Thu, 9 Jan 2014 22:53:50 +0000
(22:53 +0000)
(cherry picked from commit
8f4077ca69076cebaca51b7b666db1ed49e46b9e
)
crypto/x509/x509_vfy.c
patch
|
blob
|
history
diff --git
a/crypto/x509/x509_vfy.c
b/crypto/x509/x509_vfy.c
index 677d9579d58444dad21eb876d7647b1319097864..bcbf9ea55039672b6ab8d493469a52523d43cbca 100644
(file)
--- a/
crypto/x509/x509_vfy.c
+++ b/
crypto/x509/x509_vfy.c
@@
-1586,10
+1586,9
@@
static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
* a certificate was revoked. This has since been changed since
* critical extension can change the meaning of CRL entries.
*/
- if (crl->flags & EXFLAG_CRITICAL)
+ if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+ && (crl->flags & EXFLAG_CRITICAL))
{
- if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
- return 1;
ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
ok = ctx->verify_cb(0, ctx);
if(!ok)