[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Rich Salz
rsalz at openssl.org
Sat Oct 22 15:57:41 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 3ade92e785bb3777c92332f88e23f6ce906ee260 (commit)
from 45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5 (commit)
- Log -----------------------------------------------------------------
commit 3ade92e785bb3777c92332f88e23f6ce906ee260
Author: Rich Salz <rsalz at openssl.org>
Date: Sat Oct 22 03:53:47 2016 -0400
Correctly find all critical CRL extensions
Unhandled critical CRL extensions were not detected if they appeared
after the handled ones. (GitHub issue 1757). Thanks to John Chuah
for reporting this.
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1769)
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/x_crl.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 0279503..c78ded8 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -254,6 +254,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
int nid;
+
ext = sk_X509_EXTENSION_value(exts, idx);
nid = OBJ_obj2nid(ext->object);
if (nid == NID_freshest_crl)
@@ -263,7 +264,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
if ((nid == NID_issuing_distribution_point)
|| (nid == NID_authority_key_identifier)
|| (nid == NID_delta_crl))
- break;;
+ continue;
crl->flags |= EXFLAG_CRITICAL;
break;
}
More information about the openssl-commits
mailing list