- Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL

- Minor Fix in ASN.1 comments of PrivateKeyInfo
This commit is contained in:
Paul Bakker 2011-07-27 16:51:09 +00:00
parent 09b1ec68c8
commit 5c721f98fd
2 changed files with 14 additions and 0 deletions

View File

@ -180,6 +180,17 @@
* Enable the checkup functions (*_self_test).
*/
#define POLARSSL_SELF_TEST
/**
* \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*
* If set, the X509 parser will not break-off when parsing an X509 certificate
* and encountering an unknown critical extension.
*
* Uncomment to prevent an error.
*
#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
*/
/* \} name */
/**

View File

@ -1013,12 +1013,14 @@ static int x509_get_crt_ext( unsigned char **p,
/* No parser found, skip extension */
*p = end_ext_octet;
#if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
if( is_critical )
{
/* Data is marked as critical: fail */
return ( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
}
#endif
}
}
@ -1916,6 +1918,7 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, size_t keylen,
* PrivatKeyInfo object (PKCS#8) or a RSAPrivateKey (PKCS#1) directly.
*
* PrivateKeyInfo ::= SEQUENCE {
* version Version,
* algorithm AlgorithmIdentifier,
* PrivateKey BIT STRING
* }