mbedtls_x509_crt_parse_der_with_ext_cb improvement
Continue parsing when the callback fails to parse a non critical extension. Also document the behaviour more extensively and pass the callback error code to the caller unaltered. See https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630548 and https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630968 Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
This commit is contained in:
parent
5659e7e889
commit
565b52bb72
2 changed files with 15 additions and 5 deletions
@ -317,9 +317,14 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
* \param p Pointer to the start of the extension value
* \param p Pointer to the start of the extension value
* (the content of the OCTET STRING).
* (the content of the OCTET STRING).
* \param end End of extension value.
* \param end End of extension value.
*
*
* \note The callback must fail and return a negative error code if
* \note The callback must fail and return a negative error code
* it can not parse or does not support the extension.
* if it can not parse or does not support the extension.
* When the callback fails to parse a critical extension
* mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
* When the callback fails to parse a non critical extension
* mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
* the extension and continues parsing.
*
*
* \return \c 0 on success.
* \return \c 0 on success.
* \return A negative error code on failure.
* \return A negative error code on failure.
@ -358,6 +363,11 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
* certificate extension.
* certificate extension.
* The callback must return a negative error code if it
* The callback must return a negative error code if it
* does not know how to handle such an extension.
* does not know how to handle such an extension.
* When the callback fails to parse a critical extension
* mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
* When the callback fails to parse a non critical extension
* mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
* the extension and continues parsing.
*
*
* \return \c 0 if successful.
* \return \c 0 if successful.
* \return A negative error code on failure.
* \return A negative error code on failure.
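Review bot: The new \note text in both hunks says mbedtls_x509_crt_parse_der_with_ext_cb() fails when the callback fails on a critical extension, but it does not say which error code the caller then receives; since the companion change in x509_get_crt_ext now does `return( ret )` with the callback's value unchanged, the contract should state that, because the code is the callback's own rather than an MBEDTLS_ERR_X509_* value. I would extend the note in the mbedtls_x509_crt_ext_cb_t documentation with `* The error code returned by the callback is passed back to the caller unaltered, so callbacks should use codes that cannot be confused with the MBEDTLS_ERR_X509_* values if callers need to tell the two apart.` The same sentence fits the mbedtls_x509_crt_parse_der_with_ext_cb() block in the second hunk. Both comment blocks begin and end outside the hunks shown.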
@ -961,8 +961,8 @@ static int x509_get_crt_ext( unsigned char **p,
if( cb != NULL )
if( cb != NULL )
{
{
ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet );
ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet );
if( ret != 0 )
if( ret != 0 && is_critical )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
return( ret );
*p = end_ext_octet;
*p = end_ext_octet;
continue;
continue;
}
}
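Review bot: `return( ret )` in the new `if( ret != 0 && is_critical )` branch forwards whatever the callback returned, while the header documentation only requires the callback to return a negative code on failure; a callback that returns a positive value still enters the branch and x509_get_crt_ext then returns a positive result, which callers that distinguish negative errors from non-negative results may misread (the callers are outside the hunk, so this is inferred). A one-line normalisation keeps the callback's own code on the documented path and closes the gap: `return( ret < 0 ? ret : MBEDTLS_ERR_X509_INVALID_EXTENSIONS );`. The silent skip of failures on non-critical extensions is also easy to miss when reading the `*p = end_ext_octet; continue;` that follows, so a comment above the branch such as `/* A failing callback aborts parsing only for critical extensions; non-critical ones are skipped */` would help. x509_get_crt_ext starts and ends outside the hunk.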