Generate error on unknown critical extension during path validation

Previously unknown critical extensions were rejected during X509_Certificate constructor, which inhibited inspecting other parts of such a certificate. Refactored the certificate extensions code so that the path validation routine performs this check only. Additionally, added an interface for extensions to inspect the path during path validation. TODOs were added in places where existing path validation code can use the new interface. Fixes GH #449.
author: René Korthaus <[email protected]> 2016-04-05 11:55:59 +0200
committer: René Korthaus <[email protected]> 2016-04-06 16:25:52 +0200
commit: 6bb53f89ef97bb8c5bee8d78c85ccb96a29e8f46 (patch)
tree: 70ac1d4719b160135a0e19c68b68457d09e61c7a /src/lib/cert/x509/crl_ent.h
parent: 6a902a886c5b71ac16f2d957b5bdd319ab6eae0b (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/lib/cert/x509/crl_ent.h b/src/lib/cert/x509/crl_ent.h
index 11ab34365..4be508812 100644
--- a/src/lib/cert/x509/crl_ent.h
+++ b/src/lib/cert/x509/crl_ent.h
@@ -8,11 +8,12 @@
 #ifndef BOTAN_CRL_ENTRY_H__
 #define BOTAN_CRL_ENTRY_H__
 
-#include <botan/x509cert.h>
 #include <botan/asn1_time.h>
 
 namespace Botan {
 
+class X509_Certificate;
+
 /**
 * X.509v2 CRL Reason Code.
 */
author	René Korthaus <[email protected]>	2016-04-05 11:55:59 +0200
committer	René Korthaus <[email protected]>	2016-04-06 16:25:52 +0200
commit	6bb53f89ef97bb8c5bee8d78c85ccb96a29e8f46 (patch)
tree	70ac1d4719b160135a0e19c68b68457d09e61c7a /src/lib/cert/x509/crl_ent.h
parent	6a902a886c5b71ac16f2d957b5bdd319ab6eae0b (diff)