diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-02-05 09:01:18 +0100 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2011-02-05 09:01:18 +0100 |
| commit | c4fd3b2f42a489f8e6328bd7e9400cbca35f0d09 (patch) | |
| tree | b3b187ce633dfe2352487b65f89f762c9f78b572 /src/libstrongswan/plugins/openssl/openssl_x509.c | |
| parent | 8d13c12eac39e7750dbdc24f0a5d83436bdd0407 (diff) | |
| download | strongswan-c4fd3b2f42a489f8e6328bd7e9400cbca35f0d09.tar.bz2 strongswan-c4fd3b2f42a489f8e6328bd7e9400cbca35f0d09.tar.xz | |
introduced libstrongswan.x509.enforce_critical parameter
Diffstat (limited to 'src/libstrongswan/plugins/openssl/openssl_x509.c')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_x509.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index ddc9d5b6e..f096b2b5b 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -804,7 +804,9 @@ static bool parse_extensions(private_openssl_x509_t *this) ok = parse_crlDistributionPoints_ext(this, ext); break; default: - ok = X509_EXTENSION_get_critical(ext) == 0; + ok = X509_EXTENSION_get_critical(ext) == 0 || + !lib->settings->get_bool(lib->settings, + "libstrongswan.x509.enforce_critical", TRUE); if (!ok) { DBG1(DBG_LIB, "found unsupported critical X.509 extension"); @@ -916,7 +918,7 @@ static bool parse_certificate(private_openssl_x509_t *this) if (!parse_extensions(this)) { - return TRUE; + return FALSE; } parse_extKeyUsage(this); |