(_gnutls_x509_ext_extract_basicConstraints): Make sure

pathLenConstraint is read, even if CA reading fails.

1 files changed, 7 insertions, 16 deletions

diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index aa2a59b2ce..38f46bb35d 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -502,8 +502,6 @@ _gnutls_x509_ext_extract_basicConstraints (int *CA,
   char str[128];
   int len, result;
 
-  *CA = 0;
-
   if ((result = asn1_create_element
        (_gnutls_get_pkix (), "PKIX1.BasicConstraints", &ext)) != ASN1_SUCCESS)
     {
@@ -512,7 +510,6 @@ _gnutls_x509_ext_extract_basicConstraints (int *CA,
     }
 
   result = asn1_der_decoding (&ext, extnValue, extnValueLen, NULL);
-
   if (result != ASN1_SUCCESS)
     {
       gnutls_assert ();
@@ -520,16 +517,6 @@ _gnutls_x509_ext_extract_basicConstraints (int *CA,
       return _gnutls_asn2err (result);
     }
 
-  len = sizeof (str) - 1;
-  /* the default value of cA is false.
-   */
-  result = asn1_read_value (ext, "cA", str, &len);
-  if (result != ASN1_SUCCESS)
-    {
-      asn1_delete_structure (&ext);
-      return 0;
-    }
-
   if (pathLenConstraint)
     {
       result = _gnutls_x509_read_uint (ext, "pathLenConstraint",
@@ -543,13 +530,17 @@ _gnutls_x509_ext_extract_basicConstraints (int *CA,
 	}
     }
 
-  asn1_delete_structure (&ext);
-
-  if (strcmp (str, "TRUE") == 0)
+  /* the default value of cA is false.
+   */
+  len = sizeof (str) - 1;
+  result = asn1_read_value (ext, "cA", str, &len);
+  if (result == ASN1_SUCCESS && strcmp (str, "TRUE") == 0)
     *CA = 1;
   else
     *CA = 0;
 
+  asn1_delete_structure (&ext);
+
   return 0;
 }