From c4fd3b2f42a489f8e6328bd7e9400cbca35f0d09 Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Sat, 5 Feb 2011 09:01:18 +0100
Subject: introduced libstrongswan.x509.enforce_critical parameter

---
 src/libstrongswan/plugins/openssl/openssl_crl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'src/libstrongswan/plugins/openssl/openssl_crl.c')

diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index 7786b7fbb..58401faa5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -460,7 +460,9 @@ static bool parse_extensions(private_openssl_crl_t *this)
 					ok = parse_crlNumber_ext(this, ext);
 					break;
 				default:
-					ok = X509_EXTENSION_get_critical(ext) != 0;
+					ok = X509_EXTENSION_get_critical(ext) == 0 ||
+						 !lib->settings->get_bool(lib->settings,
+								"libstrongswan.x509.enforce_critical", TRUE);
 					if (!ok)
 					{
 						DBG1(DBG_LIB, "found unsupported critical X.509 "
-- 
cgit v1.2.3