authorMartin Willi <martin@revosec.ch>2010-12-13 14:22:00 +0100
committerMartin Willi <martin@revosec.ch>2011-01-05 16:46:01 +0100
commita6850b8499ab6a535b86248b58261b719b47bb27 (patch)
tree588f7eeb457cd76545b0c84bb82e4a371be39b42 /src/libstrongswan/plugins/openssl/openssl_x509.c
parenta2b340764fac2021ade280c4bdedb6c7c5f76ee3 (diff)
Do not parse certificates with invalid version in openssl plugin
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_x509.c')
-rw-r--r--src/libstrongswan/plugins/openssl/openssl_x509.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index b6a06d015..80639ddc0 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -899,6 +899,13 @@ static bool parse_certificate(private_openssl_x509_t *this)
{
return FALSE;
}
+ if (X509_get_version(this->x509) < 0 || X509_get_version(this->x509) > 2)
+ {
+ DBG1(DBG_LIB, "unsupported x509 version: %d",
+ X509_get_version(this->x509) + 1);
+ return FALSE;
+ }
+
this->subject = openssl_x509_name2id(X509_get_subject_name(this->x509));
this->issuer = openssl_x509_name2id(X509_get_issuer_name(this->x509));
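Review bot: The `%d` in the added DBG1 call is passed `X509_get_version(this->x509) + 1`, which in OpenSSL is a `long`, so the format specifier and the argument type do not match on LP64 platforms. The version is also fetched three times in the new block. Reading it once, `long version = X509_get_version(this->x509);`, then testing `if (version < 0 || version > 2)` and logging with `"unsupported x509 version: %ld", version + 1`, keeps the check and the message tied to the same value. If the accessor reports -1 for an encoding it cannot represent (likely, but not visible here), the message would print version 0, so a short comment saying that the `< 0` branch covers unparseable version fields would help the next reader. parse_certificate starts and continues outside this hunk, so later uses of the version are not visible here.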