| x509_vfy.c (261037) | x509_vfy.c (264278) |
|---|---|
| 1/* crypto/x509/x509_vfy.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 1448 unchanged lines hidden (view full) --- 1457 { 1458 int ok; 1459 X509_REVOKED *rev; 1460 /* The rules changed for this... previously if a CRL contained 1461 * unhandled critical extensions it could still be used to indicate 1462 * a certificate was revoked. This has since been changed since 1463 * critical extension can change the meaning of CRL entries. 1464 */ | 1/* crypto/x509/x509_vfy.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 1448 unchanged lines hidden (view full) --- 1457 { 1458 int ok; 1459 X509_REVOKED *rev; 1460 /* The rules changed for this... previously if a CRL contained 1461 * unhandled critical extensions it could still be used to indicate 1462 * a certificate was revoked. This has since been changed since 1463 * critical extension can change the meaning of CRL entries. 1464 */ |
| 1465 if (crl->flags & EXFLAG_CRITICAL) | 1465 if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) 1466 && (crl->flags & EXFLAG_CRITICAL)) |
| 1466 { | 1467 { |
| 1467 if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) 1468 return 1; | |
| 1469 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1470 ok = ctx->verify_cb(0, ctx); 1471 if(!ok) 1472 return 0; 1473 } 1474 /* Look for serial number of certificate in CRL 1475 * If found make sure reason is not removeFromCRL. 1476 */ --- 749 unchanged lines hidden --- | 1468 ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; 1469 ok = ctx->verify_cb(0, ctx); 1470 if(!ok) 1471 return 0; 1472 } 1473 /* Look for serial number of certificate in CRL 1474 * If found make sure reason is not removeFromCRL. 1475 */ --- 749 unchanged lines hidden --- |