summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/gnutls_x509.c7
-rw-r--r--lib/x509_extensions.c4
2 files changed, 8 insertions, 3 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index 12fa8af753..b6e1e8934f 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -710,13 +710,17 @@ int gnutls_x509_extract_certificate_ca_status(const gnutls_datum * cert)
if ((result =
_gnutls_get_extension(cert, "2 5 29 19", &basicConstraints)) < 0) {
+ if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ /* The extension does not exist so it's not a CA */
+ return 0;
+ }
gnutls_assert();
return result;
}
if (basicConstraints.size == 0 || basicConstraints.data==NULL) {
gnutls_assert();
- return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
+ return 0;
}
if ((result=_gnutls_asn1_create_element
@@ -730,6 +734,7 @@ int gnutls_x509_extract_certificate_ca_status(const gnutls_datum * cert)
result = asn1_der_decoding(&c2, basicConstraints.data, basicConstraints.size, NULL);
_gnutls_free_datum( &basicConstraints);
+
if (result != ASN1_SUCCESS) {
/* couldn't decode DER */
diff --git a/lib/x509_extensions.c b/lib/x509_extensions.c
index 3f4638b11f..5393a799cf 100644
--- a/lib/x509_extensions.c
+++ b/lib/x509_extensions.c
@@ -284,7 +284,7 @@ int _gnutls_get_extension( const gnutls_datum * cert, const char* extension_id,
if ((result=_gnutls_asn1_create_element
(_gnutls_get_pkix(), "PKIX1.Certificate", &rasn,
- "certificate2"))
+ "c2"))
!= ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -306,7 +306,7 @@ int _gnutls_get_extension( const gnutls_datum * cert, const char* extension_id,
do {
k++;
- _gnutls_str_cpy(name, sizeof(name), "certificate2.tbsCertificate.extensions.?");
+ _gnutls_str_cpy(name, sizeof(name), "c2.tbsCertificate.extensions.?");
_gnutls_int2str(k, counter);
_gnutls_str_cat(name, sizeof(name), counter);