Respect enforce_critical setting in x509 plugin CRLs
authorMartin Willi <martin@revosec.ch>
Fri, 17 Dec 2010 10:38:04 +0000 (11:38 +0100)
committerMartin Willi <martin@revosec.ch>
Wed, 5 Jan 2011 15:46:03 +0000 (16:46 +0100)
src/libstrongswan/plugins/x509/x509_crl.c

index e575537..979e0af 100644 (file)
@@ -289,6 +289,14 @@ static bool parse(private_x509_crl_t *this)
                                                this->crlNumber = object;
                                                break;
                                        default:
+                                               if (critical && lib->settings->get_bool(lib->settings,
+                                                       "libstrongswan.plugins.x509.enforce_critical", FALSE))
+                                               {
+                                                       DBG1(DBG_LIB, "critical %s extension not supported",
+                                                                (extn_oid == OID_UNKNOWN) ? "unknown" :
+                                                                (char*)oid_names[extn_oid].name);
+                                                       goto end;
+                                               }
                                                break;
                                }
                                break;
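Review bot: In the `default:` branch, a critical extension the parser does not handle is still accepted without any log line whenever `libstrongswan.plugins.x509.enforce_critical` is off, and `FALSE` is the default passed to `get_bool()` here. RFC 5280 says a CRL carrying a critical extension the application cannot process must not be used for status decisions, because such an extension can narrow the CRL's scope. The permissive path should therefore at least be visible to an operator: add an `else if (critical)` arm that calls `DBG1` with a message such as `"ignoring unsupported critical %s extension"` and the same name expression. The settings lookup also runs once per unhandled critical extension, so reading it into a local `bool` before the extension loop would keep the loop body simpler. `parse()` begins and ends outside the hunk, so whether the `end` label returns failure without leaving partially parsed state in `this` cannot be confirmed from here.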