From e793d65acdcf37ac84cab0b9cfe9459a1793d7df Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 8 Jun 2017 13:35:47 +0200
Subject: [PATCH] openssl: Properly handle flags in key usage extension

---
 src/libstrongswan/plugins/openssl/openssl_x509.c | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index e95eb729bb..e03a4255d7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -686,15 +686,13 @@ static bool parse_keyUsage_ext(private_openssl_x509_t *this,
 			{
 				flags |= usage->data[1] << 8;
 			}
-			switch (flags)
+			if (flags & X509v3_KU_CRL_SIGN)
 			{
-				case X509v3_KU_CRL_SIGN:
-					this->flags |= X509_CRL_SIGN;
-					break;
-				case X509v3_KU_KEY_CERT_SIGN:
-					/* we use the caBasicContraint, MUST be set */
-				default:
-					break;
+				this->flags |= X509_CRL_SIGN;
+			}
+			if (flags & X509v3_KU_KEY_CERT_SIGN)
+			{
+				/* we use the caBasicContraint, MUST be set */
 			}
 		}
 		ASN1_BIT_STRING_free(usage);
-- 
2.47.2