- Introduced POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION flag to continue parsing when encountering a critical flag that's not supported by PolarSSL
 - Minor Fix in ASN.1 comments of PrivateKeyInfo

diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 5f5cefe..61500a7 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -180,6 +180,17 @@
  * Enable the checkup functions (*_self_test).
  */
 #define POLARSSL_SELF_TEST
+
+/**
+ * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ *
+ * If set, the X509 parser will not break-off when parsing an X509 certificate
+ * and encountering an unknown critical extension.
+ *
+ * Uncomment to prevent an error.
+ *
+#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ */
 /* \} name */
 
 /**
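Review bot: The doc comment added for POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION says only "Uncomment to prevent an error" and does not tell the integrator what is given up by enabling it. RFC 5280 section 4.2 requires a certificate-using system to reject a certificate that carries a critical extension it does not recognise, so with this option set the parser accepts certificates whose issuer-imposed restrictions may go unenforced. I would add a warning line to the comment, for example `* Warning: this disables an RFC 5280 requirement; any constraint carried in an unrecognised critical extension is not enforced.`, and state that the option should stay disabled unless a specific deployment needs it.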
diff --git a/library/x509parse.c b/library/x509parse.c
index 874cf0b..58399eb 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -1013,12 +1013,14 @@
             /* No parser found, skip extension */
             *p = end_ext_octet;
 
+#if !defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
             if( is_critical )
             {
                 /* Data is marked as critical: fail */
                 return ( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
                         POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
             }
+#endif
         }
     }
 
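Review bot: With the option defined, the `is_critical` check after `*p = end_ext_octet;` compiles away entirely, so an unrecognised critical extension is skipped exactly like a non-critical one and nothing in the visible code records that it happened. Code that later trusts the parsed certificate cannot tell it apart from one that was fully understood, which matters because critical extensions usually carry restrictions on how the certificate may be used. At minimum the `#if` deserves a comment such as `/* RFC 5280 4.2 says reject; skipped only because the build opts out */`, and recording the skip so the verification step can report it would be stronger. If `is_critical` has no other use in this function (not visible here), builds with the option set may also warn about a variable that is set but never read. The enclosing function starts and ends outside the hunk.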
@@ -1916,6 +1918,7 @@
      * PrivatKeyInfo object (PKCS#8) or a RSAPrivateKey (PKCS#1) directly.
      *
      *  PrivateKeyInfo ::= SEQUENCE {
+     *    version           Version,
      *    algorithm       AlgorithmIdentifier,
      *    PrivateKey      BIT STRING
      *  }
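Review bot: The corrected ASN.1 sketch still gives the last field as `PrivateKey      BIT STRING`, whereas PKCS#8 defines the private key field as an OCTET STRING. Since this commit is already fixing the comment, that line could become `*    PrivateKey      OCTET STRING` in the same pass. The added `version` line also puts its type two columns to the right of the neighbouring fields, and the sentence above still reads `PrivatKeyInfo`. The comment and its function begin and end outside the hunk.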