- Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index a865a75..26e7dfa 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1401,7 +1401,8 @@
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
}
- ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n );
+ ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n,
+ X509_NON_PERMISSIVE );
if( ret != 0 )
{
SSL_DEBUG_RET( 1, " x509parse_crt", ret );