diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2014-04-15 18:48:54 +0100 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2014-04-15 18:50:53 +0100 |
commit | 300b9f0b704048f60776881f1d378c74d9c32fbd (patch) | |
tree | dab6da7db7b32a0eba6302d92eea08ba22543ceb /crypto/x509v3/v3_purp.c | |
parent | 5f8e9a477a18551052f2019c1f374061acbaa5e6 (diff) | |
download | openssl-300b9f0b704048f60776881f1d378c74d9c32fbd.zip openssl-300b9f0b704048f60776881f1d378c74d9c32fbd.tar.gz openssl-300b9f0b704048f60776881f1d378c74d9c32fbd.tar.bz2 |
Extension checking fixes.
When looking for an extension we need to set the last found
position to -1 to properly search all extensions.
PR#3309.
Diffstat (limited to 'crypto/x509v3/v3_purp.c')
-rw-r--r-- | crypto/x509v3/v3_purp.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c index 6c40c7d..5f931db 100644 --- a/crypto/x509v3/v3_purp.c +++ b/crypto/x509v3/v3_purp.c @@ -386,8 +386,8 @@ static void x509v3_cache_extensions(X509 *x) /* Handle proxy certificates */ if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) { if (x->ex_flags & EXFLAG_CA - || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0 - || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) { + || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0 + || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) { x->ex_flags |= EXFLAG_INVALID; } if (pci->pcPathLengthConstraint) { @@ -684,7 +684,7 @@ static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x, return 0; /* Extended Key Usage MUST be critical */ - i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, 0); + i_ext = X509_get_ext_by_NID((X509 *) x, NID_ext_key_usage, -1); if (i_ext >= 0) { X509_EXTENSION *ext = X509_get_ext((X509 *) x, i_ext); |