[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Rich Salz]

The branch OpenSSL_1_0_2-stable has been updated
       via  3ade92e785bb3777c92332f88e23f6ce906ee260 (commit)
      from  45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5 (commit)


- Log -----------------------------------------------------------------
commit 3ade92e785bb3777c92332f88e23f6ce906ee260
Author: Rich Salz <rs...@openssl.org>
Date:   Sat Oct 22 03:53:47 2016 -0400

    Correctly find all critical CRL extensions
    
    Unhandled critical CRL extensions were not detected if they appeared
    after the handled ones.  (GitHub issue 1757).  Thanks to John Chuah
    for reporting this.
    
    Reviewed-by: Richard Levitte <levi...@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1769)

-----------------------------------------------------------------------

Summary of changes:
 crypto/asn1/x_crl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 0279503..c78ded8 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -254,6 +254,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const 
ASN1_ITEM *it,
 
         for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
             int nid;
+
             ext = sk_X509_EXTENSION_value(exts, idx);
             nid = OBJ_obj2nid(ext->object);
             if (nid == NID_freshest_crl)
@@ -263,7 +264,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const 
ASN1_ITEM *it,
                 if ((nid == NID_issuing_distribution_point)
                     || (nid == NID_authority_key_identifier)
                     || (nid == NID_delta_crl))
-                    break;;
+                    continue;
                 crl->flags |= EXFLAG_CRITICAL;
                 break;
             }
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits