authorJack Lloyd <[email protected]>2018-08-23 05:34:35 -0400
committerJack Lloyd <[email protected]>2018-08-23 05:34:35 -0400
commit1e5f23cdb28234a1bdbf9723ede3becade07d1c9 (patch)
treed6643eb347c772bc9cfa34ba1830c39331187b01
parente53a1393687d8f33ab7230fc1dc2a062c28925c0 (diff)
If cert extension parsing fails, replace the object with Unknown
Allows the parse to complete and even allows examining the extension. GH #1652
-rw-r--r--src/lib/x509/x509_ext.cpp3
-rw-r--r--src/lib/x509/x509_ext.h7
-rw-r--r--src/tests/data/x509/bsi/expected.txt2
3 files changed, 9 insertions, 3 deletions
diff --git a/src/lib/x509/x509_ext.cpp b/src/lib/x509/x509_ext.cpp
index 5a5ffa177..841adac57 100644
--- a/src/lib/x509/x509_ext.cpp
+++ b/src/lib/x509/x509_ext.cpp
@@ -101,7 +101,8 @@ Extensions::create_extn_obj(const OID& oid,
}
catch(Decoding_Error& e)
{
- throw Decoding_Error("Decoding X.509 extension " + oid.as_string(), e);
+ extn.reset(new Cert_Extension::Unknown_Extension(oid, critical));
+ extn->decode_inner(body);
}
return extn;
}
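Review bot: The fallback in the catch block applies to every OID, including well-known ones such as key usage, so a malformed non-critical instance of a known extension now parses as Unknown_Extension and, combined with the x509_ext.h change, typed lookups for it return nullptr; path validation then proceeds as though the extension were absent instead of rejecting the certificate, which is a deliberate leniency worth stating at the reset() line, e.g. `// Malformed extension: keep the raw bytes as Unknown_Extension so parsing completes; critical ones still fail validation, non-critical ones are treated as absent`. The `e` binding is no longer used, so `catch(const Decoding_Error&)` avoids an unused-variable warning. If `Unknown_Extension::decode_inner` can itself throw (presumably it only stores the body, but that is not visible here), the exception would now escape without the "Decoding X.509 extension" context the old message carried. The expected.txt hunk in this commit only exercises the critical case; a vector with a malformed non-critical extension would pin down the new lenient behavior. create_extn_obj begins before this hunk.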
diff --git a/src/lib/x509/x509_ext.h b/src/lib/x509/x509_ext.h
index 6e71fb879..687c58b0c 100644
--- a/src/lib/x509/x509_ext.h
+++ b/src/lib/x509/x509_ext.h
@@ -104,7 +104,12 @@ class BOTAN_PUBLIC_API(2,0) Extensions final : public ASN1_Object
{
if(const Certificate_Extension* extn = get_extension_object(oid))
{
- if(const T* extn_as_T = dynamic_cast<const T*>(extn))
+ // Unknown_Extension oid_name is empty
+ if(extn->oid_name().empty())
+ {
+ return nullptr;
+ }
+ else if(const T* extn_as_T = dynamic_cast<const T*>(extn))
{
return extn_as_T;
}
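Review bot: The new guard identifies a replaced extension by `extn->oid_name().empty()`, a sentinel that couples this template to an undocumented property of Unknown_Extension and silently classifies any other extension type with an empty oid_name the same way. It also means a caller asking for `T = Cert_Extension::Unknown_Extension` (or the Certificate_Extension base) always gets nullptr here even though get_extension_object() returns the object, which sits oddly with the commit message's "allows examining the extension". A `dynamic_cast<const Cert_Extension::Unknown_Extension*>(extn)` check would make the intent explicit, if that type is declared before this point in the header; otherwise the comment should at least say why typed access is refused, e.g. `// A parse failure was replaced by Unknown_Extension (empty oid_name); never hand it out under the requested type`. The enclosing member function's signature is outside this hunk.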
diff --git a/src/tests/data/x509/bsi/expected.txt b/src/tests/data/x509/bsi/expected.txt
index 8037c6aca..6ae2df005 100644
--- a/src/tests/data/x509/bsi/expected.txt
+++ b/src/tests/data/x509/bsi/expected.txt
@@ -42,7 +42,7 @@ cert_path_ext_06$CA certificate not allowed to issue certs
cert_path_ext_07$CA certificate not allowed to issue certs
cert_path_ext_08$Certificate chain too long
cert_path_ext_09$Verified
-cert_path_ext_10$CERTIFICATE decoding failed with Decoding X.509 extension 2.5.29.15 failed with BER: Tag mismatch when decoding usage constraint got SEQUENCE/CONSTRUCTED expected BIT STRING/UNIVERSAL
+cert_path_ext_10$Unknown critical extension encountered
cert_path_ext_11$CA certificate not allowed to issue certs
cert_path_ext_12$Certificate contains duplicate policy
cert_path_ext_13$Unknown critical extension encountered