Merge pull request #5095 from haydenroche5/decoded_cert_crit_fields
Make the critical extension flags in DecodedCert always available.
This commit is contained in:
commit
04ddd0abe4
@ -16758,9 +16758,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
|
||||
/* Basic Constraints. */
|
||||
case BASIC_CA_OID:
|
||||
VERIFY_AND_SET_OID(cert->extBasicConstSet);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extBasicConstCrit = critical;
|
||||
#endif
|
||||
cert->extBasicConstCrit = critical;
|
||||
if (DecodeBasicCaConstraint(input, length, cert) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
@ -16769,9 +16767,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
|
||||
/* CRL Distribution point. */
|
||||
case CRL_DIST_OID:
|
||||
VERIFY_AND_SET_OID(cert->extCRLdistSet);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extCRLdistCrit = critical;
|
||||
#endif
|
||||
cert->extCRLdistCrit = critical;
|
||||
if (DecodeCrlDist(input, length, cert) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
@ -16780,9 +16776,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
|
||||
/* Authority information access. */
|
||||
case AUTH_INFO_OID:
|
||||
VERIFY_AND_SET_OID(cert->extAuthInfoSet);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extAuthInfoCrit = critical;
|
||||
#endif
|
||||
cert->extAuthInfoCrit = critical;
|
||||
if (DecodeAuthInfo(input, length, cert) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
@ -16791,18 +16785,14 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
|
||||
/* Subject alternative name. */
|
||||
case ALT_NAMES_OID:
|
||||
VERIFY_AND_SET_OID(cert->extSubjAltNameSet);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extSubjAltNameCrit = critical;
|
||||
#endif
|
||||
cert->extSubjAltNameCrit = critical;
|
||||
ret = DecodeAltNames(input, length, cert);
|
||||
break;
|
||||
|
||||
/* Authority Key Identifier. */
|
||||
case AUTH_KEY_OID:
|
||||
VERIFY_AND_SET_OID(cert->extAuthKeyIdSet);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extAuthKeyIdCrit = critical;
|
||||
#endif
|
||||
cert->extAuthKeyIdCrit = critical;
|
||||
#ifndef WOLFSSL_ALLOW_CRIT_SKID
|
||||
/* This check is added due to RFC 5280 section 4.2.1.1
|
||||
* stating that conforming CA's must mark this extension
|
||||
@ -16822,9 +16812,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
|
||||
/* Subject Key Identifier. */
|
||||
case SUBJ_KEY_OID:
|
||||
VERIFY_AND_SET_OID(cert->extSubjKeyIdSet);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extSubjKeyIdCrit = critical;
|
||||
#endif
|
||||
cert->extSubjKeyIdCrit = critical;
|
||||
#ifndef WOLFSSL_ALLOW_CRIT_SKID
|
||||
/* This check is added due to RFC 5280 section 4.2.1.2
|
||||
* stating that conforming CA's must mark this extension
|
||||
@ -16864,9 +16852,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
|
||||
/* Key usage. */
|
||||
case KEY_USAGE_OID:
|
||||
VERIFY_AND_SET_OID(cert->extKeyUsageSet);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extKeyUsageCrit = critical;
|
||||
#endif
|
||||
cert->extKeyUsageCrit = critical;
|
||||
if (DecodeKeyUsage(input, length, cert) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
@ -16875,9 +16861,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
|
||||
/* Extended key usage. */
|
||||
case EXT_KEY_USAGE_OID:
|
||||
VERIFY_AND_SET_OID(cert->extExtKeyUsageSet);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extExtKeyUsageCrit = critical;
|
||||
#endif
|
||||
cert->extExtKeyUsageCrit = critical;
|
||||
if (DecodeExtKeyUsage(input, length, cert) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
@ -16896,9 +16880,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
|
||||
}
|
||||
#endif
|
||||
VERIFY_AND_SET_OID(cert->extNameConstraintSet);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extNameConstraintCrit = critical;
|
||||
#endif
|
||||
cert->extNameConstraintCrit = critical;
|
||||
if (DecodeNameConstraints(input, length, cert) < 0) {
|
||||
ret = ASN_PARSE_E;
|
||||
}
|
||||
@ -16930,9 +16912,7 @@ static int DecodeExtensionType(const byte* input, int length, word32 oid,
|
||||
#endif
|
||||
case POLICY_CONST_OID:
|
||||
VERIFY_AND_SET_OID(cert->extPolicyConstSet);
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
cert->extPolicyConstCrit = critical;
|
||||
#endif
|
||||
cert->extPolicyConstCrit = critical;
|
||||
if (DecodePolicyConstraints(&input[idx], length, cert) < 0)
|
||||
return ASN_PARSE_E;
|
||||
break;
|
||||
|
@ -1705,20 +1705,18 @@ struct DecodedCert {
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
|
||||
byte extCertPolicySet : 1;
|
||||
#endif
|
||||
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
||||
byte extCRLdistCrit : 1;
|
||||
byte extAuthInfoCrit : 1;
|
||||
byte extBasicConstCrit : 1;
|
||||
byte extPolicyConstCrit : 1;
|
||||
byte extSubjAltNameCrit : 1;
|
||||
byte extAuthKeyIdCrit : 1;
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
byte extNameConstraintCrit : 1;
|
||||
#endif
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
byte extNameConstraintCrit : 1;
|
||||
#endif
|
||||
byte extSubjKeyIdCrit : 1;
|
||||
byte extKeyUsageCrit : 1;
|
||||
byte extExtKeyUsageCrit : 1;
|
||||
#endif /* OPENSSL_EXTRA */
|
||||
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
|
||||
byte extCertPolicyCrit : 1;
|
||||
#endif
|
||||
|
Loading…
x
Reference in New Issue
Block a user