From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Mon, 31 Jan 2011 13:37:48 +0000 (+0100)
Subject: fixed checking of unknown critical extensions in openssl_x509
X-Git-Tag: 4.5.1~84
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8b428648840a84674dafa7e849ec6ace9777f676;p=thirdparty%2Fstrongswan.git

fixed checking of unknown critical extensions in openssl_x509
---

diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c
index dfbebe746a..ddc9d5b6e7 100644
--- a/src/libstrongswan/plugins/openssl/openssl_x509.c
+++ b/src/libstrongswan/plugins/openssl/openssl_x509.c
@@ -804,7 +804,7 @@ static bool parse_extensions(private_openssl_x509_t *this)
 					ok = parse_crlDistributionPoints_ext(this, ext);
 					break;
 				default:
-					ok = X509_EXTENSION_get_critical(ext) != 0;
+					ok = X509_EXTENSION_get_critical(ext) == 0;
 					if (!ok)
 					{
 						DBG1(DBG_LIB, "found unsupported critical X.509 extension");