diff options
| -rw-r--r-- | src/libstrongswan/plugins/x509/x509_cert.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 623a26803..fc68cdc7b 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -905,6 +905,14 @@ static bool parse_certificate(private_x509_cert_t *this) } break; default: + if (critical && lib->settings->get_bool(lib->settings, + "libstrongswan.plugins.x509_cert.enforce_critical", FALSE)) + { + DBG1("critical %s extension not supported", + (extn_oid == OID_UNKNOWN) ? "unknown" : + (char*)oid_names[extn_oid].name); + goto end; + } break; } break; |