Tolerate critical AKID in CRLs.

author Dr. Stephen Henson <steve@openssl.org>

Fri, 27 Jun 2014 17:49:32 +0000 (18:49 +0100)

committer Dr. Stephen Henson <steve@openssl.org>

Fri, 27 Jun 2014 17:50:45 +0000 (18:50 +0100)
author Dr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 17:49:32 +0000 (18:49 +0100)
committer Dr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 17:50:45 +0000 (18:50 +0100)
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c

index c51c690ba9d3f160a516180c98766b39dcc3dc26..3f03efbe60479453969d46f005de914ce0b34b79 100644 (file)
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -270,6 +270,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                                 {
                                 /* We handle IDP and deltas */
                                 if ((nid == NID_issuing_distribution_point)
+                                       || (nid == NID_authority_key_identifier)
                                         || (nid == NID_delta_crl))
                                         break;;
                                 crl->flags |= EXFLAG_CRITICAL;
author	Dr. Stephen Henson <steve@openssl.org>
	Fri, 27 Jun 2014 17:49:32 +0000 (18:49 +0100)
committer	Dr. Stephen Henson <steve@openssl.org>
	Fri, 27 Jun 2014 17:50:45 +0000 (18:50 +0100)