From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 8 Jun 2017 11:35:47 +0000 (+0200)
Subject: openssl: Properly handle flags in key usage extension
X-Git-Tag: 5.6.0dr1~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e793d65acdcf37ac84cab0b9cfe9459a1793d7df;p=thirdparty%2Fstrongswan.git

openssl: Properly handle flags in key usage extension
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index e95eb729bb..e03a4255d7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -686,15 +686,13 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this,
 			{
 				flags |= usage->data[1] << 8;
 			}
-			switch (flags)
+			if (flags & X509v3_KU_CRL_SIGN)
 			{
-				case X509v3_KU_CRL_SIGN:
-					this->flags |= X509_CRL_SIGN;
-					break;
-				case X509v3_KU_KEY_CERT_SIGN:
-					/* we use the caBasicContraint, MUST be set */
-				default:
-					break;
+				this->flags |= X509_CRL_SIGN;
+			}
+			if (flags & X509v3_KU_KEY_CERT_SIGN)
+			{
+				/* we use the caBasicContraint, MUST be set */
 			}
 		}
 		ASN1_BIT_STRING_free(usage);