- Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL

- Minor Fix in ASN.1 comments of PrivateKeyInfo
2011-07-27 16:51:09 +00:00 · 2011-07-27 16:51:09 +00:00 · 5c721f98fd
commit 5c721f98fd
parent 09b1ec68c8
2 changed files with 14 additions and 0 deletions
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@ -180,6 +180,17 @@
 * Enable the checkup functions (*_self_test).
 */
 #define POLARSSL_SELF_TEST
+
+/**
+ * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * Uncomment to prevent an error.
+ *
+#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ */
 /* \} name */

 /**
--- a/library/x509parse.c
+++ b/library/x509parse.c
@ -1013,12 +1013,14 @@ static int x509_get_crt_ext( unsigned char **p,
            /* No parser found, skip extension */
            *p = end_ext_octet;

+#if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
            if( is_critical )
            {
                /* Data is marked as critical: fail */
                return ( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
                        POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
            }
+#endif
        }
    }

@ -1916,6 +1918,7 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
     * PrivatKeyInfo object (PKCS#8) or a RSAPrivateKey (PKCS#1) directly.
     *
     *  PrivateKeyInfo ::= SEQUENCE {
+     *    version           Version,
     *    algorithm       AlgorithmIdentifier,
     *    PrivateKey      BIT STRING
     *  }