Allow empty ns_cert_type, key_usage while parsing certificates
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/library/x509_crt.c b/library/x509_crt.c
index a4eb712..f77991e 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -573,6 +573,11 @@
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
+ if (bs.len == 0) {
+ *ns_cert_type = 0;
+ return 0;
+ }
+
if (bs.len != 1) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_INVALID_LENGTH);
@@ -595,6 +600,11 @@
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
}
+ if (bs.len == 0) {
+ *key_usage = 0;
+ return 0;
+ }
+
if (bs.len < 1) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_INVALID_LENGTH);