2 files changed, 10 insertions, 7 deletions

diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h
index 37c59a963..ebe660d59 100644
--- a/src/libstrongswan/credentials/certificates/x509.h
+++ b/src/libstrongswan/credentials/certificates/x509.h
@@ -35,17 +35,19 @@ typedef enum x509_flag_t x509_flag_t;
  */
 enum x509_flag_t {
 	/** cert has no constraints */
-	X509_NONE =			0, 
+	X509_NONE =			   0, 
 	/** cert has CA constraint */
-	X509_CA = 			(1<<0),
+	X509_CA = 			  (1<<0),
 	/** cert has AA constraint */
-	X509_AA = 			(1<<1),
+	X509_AA = 			  (1<<1),
 	/** cert has OCSP signer constraint */
-	X509_OCSP_SIGNER = 	(1<<2),
+	X509_OCSP_SIGNER = 	  (1<<2),
 	/** cert has serverAuth constraint */
-	X509_SERVER_AUTH = 	(1<<3),
+	X509_SERVER_AUTH = 	  (1<<3),
 	/** cert is self-signed */
-	X509_SELF_SIGNED =  (1<<4),
+	X509_SELF_SIGNED =    (1<<4),
+	/** cert has an ipAddrBlocks extension */
+	X509_IP_ADDR_BLOCKS = (1<<5),
 };
 
 /**
diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c
index c3c377d08..dee056d5d 100644
--- a/src/libstrongswan/plugins/x509/x509_cert.c
+++ b/src/libstrongswan/plugins/x509/x509_cert.c
@@ -803,7 +803,8 @@ static void parse_ipAddrBlocks(chunk_t blob, int level0,
 				break;
 		}
 	}
-
+	this->flags |= X509_IP_ADDR_BLOCKS;
+	
 end:
 	parser->destroy(parser);
 }