x509: Don't break when cA field of BasicConstraints is missing

The field defaults to FALSE. It sucks that libtasn1 doesn't fill this in for us. https://bugs.freedesktop.org/show_bug.cgi?id=61975
author: Stef Walter <stefw@gnome.org> 2013-03-07 18:05:32 +0100
committer: Stef Walter <stefw@gnome.org> 2013-03-07 18:05:32 +0100
commit: 220d7b027871f79f446c7b3c2db9ef43f24c19cc (patch)
tree: 2ecffbceaac1b51b18c0569c5c458af40db141b2
parent: 3e532011ac100391315ffa13f537ed130cc45b2e (diff)
download: p11-kit-220d7b027871f79f446c7b3c2db9ef43f24c19cc.tar.gz
1 files changed, 9 insertions, 2 deletions
diff --git a/common/x509.c b/common/x509.c
index 46e3bd9..f86d2b3 100644
--- a/common/x509.c
+++ b/common/x509.c
@@ -122,9 +122,16 @@ p11_x509_parse_basic_constraints (p11_dict *asn1_defs,
 
 	len = sizeof (buffer);
 	ret = asn1_read_value (ext, "cA", buffer, &len);
-	return_val_if_fail (ret == ASN1_SUCCESS, false);
 
-	*is_ca = (strcmp (buffer, "TRUE") == 0);
+	/* Default value for cA is FALSE */
+	if (ret == ASN1_ELEMENT_NOT_FOUND) {
+		*is_ca = false;
+
+	} else {
+		return_val_if_fail (ret == ASN1_SUCCESS, false);
+		*is_ca = (strcmp (buffer, "TRUE") == 0);
+	}
+
 	asn1_delete_structure (&ext);
 
 	return true;
author	Stef Walter <stefw@gnome.org>	2013-03-07 18:05:32 +0100
committer	Stef Walter <stefw@gnome.org>	2013-03-07 18:05:32 +0100
commit	220d7b027871f79f446c7b3c2db9ef43f24c19cc (patch)
tree	2ecffbceaac1b51b18c0569c5c458af40db141b2
parent	3e532011ac100391315ffa13f537ed130cc45b2e (diff)
download	p11-kit-220d7b027871f79f446c7b3c2db9ef43f24c19cc.tar.gz