openssl: Properly handle flags in key usage extension
authorTobias Brunner <tobias@strongswan.org>
Thu, 8 Jun 2017 11:35:47 +0000 (13:35 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 14 Jun 2017 08:03:13 +0000 (10:03 +0200)
src/libstrongswan/plugins/openssl/openssl_x509.c

index e95eb72..e03a425 100644 (file)
@@ -686,15 +686,13 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this,
                        {
                                flags |= usage->data[1] << 8;
                        }
-                       switch (flags)
+                       if (flags & X509v3_KU_CRL_SIGN)
                        {
-                               case X509v3_KU_CRL_SIGN:
-                                       this->flags |= X509_CRL_SIGN;
-                                       break;
-                               case X509v3_KU_KEY_CERT_SIGN:
-                                       /* we use the caBasicContraint, MUST be set */
-                               default:
-                                       break;
+                               this->flags |= X509_CRL_SIGN;
+                       }
+                       if (flags & X509v3_KU_KEY_CERT_SIGN)
+                       {
+                               /* we use the caBasicContraint, MUST be set */
                        }
                }
                ASN1_BIT_STRING_free(usage);