diff options
-rw-r--r-- | lib/gnutls_x509.c | 7 | ||||
-rw-r--r-- | lib/x509_extensions.c | 4 |
2 files changed, 8 insertions, 3 deletions
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 12fa8af753..b6e1e8934f 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -710,13 +710,17 @@ int gnutls_x509_extract_certificate_ca_status(const gnutls_datum * cert) if ((result = _gnutls_get_extension(cert, "2 5 29 19", &basicConstraints)) < 0) { + if (result == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + /* The extension does not exist so it's not a CA */ + return 0; + } gnutls_assert(); return result; } if (basicConstraints.size == 0 || basicConstraints.data==NULL) { gnutls_assert(); - return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE; + return 0; } if ((result=_gnutls_asn1_create_element @@ -730,6 +734,7 @@ int gnutls_x509_extract_certificate_ca_status(const gnutls_datum * cert) result = asn1_der_decoding(&c2, basicConstraints.data, basicConstraints.size, NULL); _gnutls_free_datum( &basicConstraints); + if (result != ASN1_SUCCESS) { /* couldn't decode DER */ diff --git a/lib/x509_extensions.c b/lib/x509_extensions.c index 3f4638b11f..5393a799cf 100644 --- a/lib/x509_extensions.c +++ b/lib/x509_extensions.c @@ -284,7 +284,7 @@ int _gnutls_get_extension( const gnutls_datum * cert, const char* extension_id, if ((result=_gnutls_asn1_create_element (_gnutls_get_pkix(), "PKIX1.Certificate", &rasn, - "certificate2")) + "c2")) != ASN1_SUCCESS) { gnutls_assert(); return _gnutls_asn2err(result); @@ -306,7 +306,7 @@ int _gnutls_get_extension( const gnutls_datum * cert, const char* extension_id, do { k++; - _gnutls_str_cpy(name, sizeof(name), "certificate2.tbsCertificate.extensions.?"); + _gnutls_str_cpy(name, sizeof(name), "c2.tbsCertificate.extensions.?"); _gnutls_int2str(k, counter); _gnutls_str_cat(name, sizeof(name), counter); |