Respect enforce_critical setting in x509 plugin CRLs

author Martin Willi <martin@revosec.ch>

Fri, 17 Dec 2010 10:38:04 +0000 (11:38 +0100)

committer Martin Willi <martin@revosec.ch>

Wed, 5 Jan 2011 15:46:03 +0000 (16:46 +0100)
author Martin Willi <martin@revosec.ch>
Fri, 17 Dec 2010 10:38:04 +0000 (11:38 +0100)
committer Martin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:46:03 +0000 (16:46 +0100)
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c

index e575537..979e0af 100644 (file)
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -289,6 +289,14 @@ static bool parse(private_x509_crl_t *this)
                                                 this->crlNumber = object;
                                                 break;
                                         default:
+                                               if (critical && lib->settings->get_bool(lib->settings,
+                                                       "libstrongswan.plugins.x509.enforce_critical", FALSE))
+                                               {
+                                                       DBG1(DBG_LIB, "critical %s extension not supported",
+                                                                (extn_oid == OID_UNKNOWN) ? "unknown" :
+                                                                (char*)oid_names[extn_oid].name);
+                                                       goto end;
+                                               }
                                                 break;
                                 }
                                 break;
author	Martin Willi <martin@revosec.ch>
	Fri, 17 Dec 2010 10:38:04 +0000 (11:38 +0100)
committer	Martin Willi <martin@revosec.ch>
	Wed, 5 Jan 2011 15:46:03 +0000 (16:46 +0100)