Check for unknown extensions in CRLs and CRLEntries.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16623 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2006-01-19 20:01:48 +00:00
parent 4859d1d1eb
commit 44b5efca00


@@ -190,7 +190,7 @@ hx509_revoke_verify(hx509_context context,
hx509_cert cert)
{
const Certificate *c = _hx509_get_cert(cert);
unsigned long i, j;
unsigned long i, j, k;
int ret;
for (i = 0; i < revoke->crls.len; i++) {
@@ -210,6 +210,11 @@ hx509_revoke_verify(hx509_context context,
crl->verified = 1;
}
if (crl->crl.tbsCertList.crlExtensions)
for (j = 0; j < crl->crl.tbsCertList.crlExtensions->len; j++)
if (crl->crl.tbsCertList.crlExtensions->val[j].critical)
return HX509_CRL_UNKNOWN_EXTENSION;
if (crl->crl.tbsCertList.revokedCertificates == NULL)
return 0;
@@ -226,6 +231,11 @@ hx509_revoke_verify(hx509_context context,
if (t > now)
continue;
if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions)
for (k = 0; k < crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->len; k++)
if (crl->crl.tbsCertList.revokedCertificates->val[j].crlEntryExtensions->val[k].critical)
return HX509_CRL_UNKNOWN_EXTENSION;
return HX509_CRL_CERT_REVOKED;
}
return 0;
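Review bot: The CRL-entry check in the third hunk sits directly before `return HX509_CRL_CERT_REVOKED;`, after `if (t > now) continue;`, so it appears to run only for the entry that matched the certificate; a critical entry extension on any other entry, or on a matching entry skipped by the `continue`, is never inspected and the function can still reach `return 0;` on the strength of that CRL. RFC 5280 section 5.3 says a CRL containing a critical entry extension the application cannot process must not be used to determine the status of any certificate, so the `k` loop should run for every `revokedCertificates->val[j]` at the top of the loop body, before the serial comparison and the date test. Both new loops reject every critical extension rather than only unrecognised ones, which fails closed and is reasonable while no CRL extension is handled, but it deserves a comment such as `/* no CRL or entry extensions are understood yet; any critical one is fatal */`. The serial-number comparison and the rest of hx509_revoke_verify lie outside the visible hunks, so the placement described here is inferred from the surrounding lines.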