From: Martin Willi <martin@revosec.ch>
Date: Fri, 17 Dec 2010 10:38:04 +0000 (+0100)
Subject: Respect enforce_critical setting in x509 plugin CRLs
X-Git-Tag: 4.5.1~176
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=51b7e9ce728e73fff05c5f6712e3603e720da9b4;p=thirdparty%2Fstrongswan.git

Respect enforce_critical setting in x509 plugin CRLs
---

diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index e575537da4..979e0afd4e 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -289,6 +289,14 @@ static bool parse(private_x509_crl_t *this)
 						this->crlNumber = object;
 						break;
 					default:
+						if (critical && lib->settings->get_bool(lib->settings,
+							"libstrongswan.plugins.x509.enforce_critical", FALSE))
+						{
+							DBG1(DBG_LIB, "critical %s extension not supported",
+								 (extn_oid == OID_UNKNOWN) ? "unknown" :
+								 (char*)oid_names[extn_oid].name);
+							goto end;
+						}
 						break;
 				}
 				break;