author | Martin Willi <martin@revosec.ch> | 2010-12-13 14:22:00 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2011-01-05 16:46:01 +0100 |
commit | a6850b8499ab6a535b86248b58261b719b47bb27 (patch) | |
tree | 588f7eeb457cd76545b0c84bb82e4a371be39b42 /src/libstrongswan/plugins/openssl/openssl_x509.c | |
parent | a2b340764fac2021ade280c4bdedb6c7c5f76ee3 (diff) | |
Do not parse certificates with invalid version in openssl plugin
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_x509.c')
-rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_x509.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index b6a06d015..80639ddc0 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -899,6 +899,13 @@ static bool parse_certificate(private_openssl_x509_t *this)
 {
 return FALSE;
 }
+ if (X509_get_version(this->x509) < 0 || X509_get_version(this->x509) > 2)
+ {
+ DBG1(DBG_LIB, "unsupported x509 version: %d",
+ X509_get_version(this->x509) + 1);
+ return FALSE;
+ }
+
 this->subject = openssl_x509_name2id(X509_get_subject_name(this->x509));
 this->issuer = openssl_x509_name2id(X509_get_issuer_name(this->x509));
|
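Review bot: The `%d` in the added DBG1 call is given a `long`, because X509_get_version() returns long in OpenSSL, so the conversion and the argument type do not match; `%ld` or a cast to int is needed. The version is also read from the certificate three times, and reading it once keeps the check and the log message in step: `long version = X509_get_version(this->x509);`, `if (version < 0 || version > 2)`, `DBG1(DBG_LIB, "unsupported x509 version: %ld", version + 1);`. A short comment such as `/* version field is zero-based: 0..2 encode X.509 v1..v3 */` would explain both the bounds and the `+ 1` in the log. parse_certificate begins before and continues after this hunk, so any later use of the version is not visible here.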