fixed checking of unknown critical extensions in openssl_x509
authorAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 31 Jan 2011 13:37:48 +0000 (14:37 +0100)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Mon, 31 Jan 2011 13:37:48 +0000 (14:37 +0100)
src/libstrongswan/plugins/openssl/openssl_x509.c

index dfbebe7..ddc9d5b 100644 (file)
@@ -804,7 +804,7 @@ static bool parse_extensions(private_openssl_x509_t *this)
                                        ok = parse_crlDistributionPoints_ext(this, ext);
                                        break;
                                default:
-                                       ok = X509_EXTENSION_get_critical(ext) != 0;
+                                       ok = X509_EXTENSION_get_critical(ext) == 0;
                                        if (!ok)
                                        {
                                                DBG1(DBG_LIB, "found unsupported critical X.509 extension");