authorlloyd <[email protected]>2014-04-05 18:40:11 +0000
committerlloyd <[email protected]>2014-04-05 18:40:11 +0000
commit2bcb87efa3187ea2dca7cd506dade7bd90066830 (patch)
treecb55590b9e6042edd7f87634c4db0b14a0bba031 /src/lib/cert
parentcdf34c4c43c6ebc480fe99024593afb1d31e74b0 (diff)
Make X.509 extension decoding failures point back to the problem extension
Diffstat (limited to 'src/lib/cert')
-rw-r--r--src/lib/cert/x509/x509_ext.cpp23
-rw-r--r--src/lib/cert/x509/x509_ext.h4
2 files changed, 17 insertions, 10 deletions
diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp
index f058357c1..f56014ab7 100644
--- a/src/lib/cert/x509/x509_ext.cpp
+++ b/src/lib/cert/x509/x509_ext.cpp
@@ -128,19 +128,26 @@ void Extensions::decode_from(BER_Decoder& from_source)
Certificate_Extension* ext = get_extension(oid);
- if(!ext)
- {
- if(!critical || !should_throw)
- continue;
-
+ if(!ext && critical && m_throw_on_unknown_critical)
throw Decoding_Error("Encountered unknown X.509 extension marked "
"as critical; OID = " + oid.as_string());
- }
- ext->decode_inner(value);
+ if(ext)
+ {
+ try
+ {
+ ext->decode_inner(value);
+ }
+ catch(std::exception& e)
+ {
+ throw Decoding_Error("Exception while decoding extension " +
+ oid.as_string() + ": " + e.what());
+ }
- extensions.push_back(std::make_pair(ext, critical));
+ extensions.push_back(std::make_pair(ext, critical));
+ }
}
+
sequence.verify_end();
}
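Review bot: The new catch block around `ext->decode_inner(value)` rethrows without releasing `ext`, so an extension that fails to decode is never added to `extensions` and nothing visible frees it. If `get_extension` returns a freshly allocated object that the caller owns (its body is not in this hunk, but the vector of raw pointers and the `~Extensions()` destructor suggest so), every malformed extension in an untrusted certificate leaks one object; adding `delete ext;` before the `throw` in the handler, or holding the pointer in a `std::unique_ptr` until the `push_back`, would close that. The handler could also catch `const std::exception&` rather than a non-const reference. `decode_from` begins before the hunk, so the loop header and the declarations of `oid`, `value` and `critical` are not visible here.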
diff --git a/src/lib/cert/x509/x509_ext.h b/src/lib/cert/x509/x509_ext.h
index 20be18a71..963a0ea68 100644
--- a/src/lib/cert/x509/x509_ext.h
+++ b/src/lib/cert/x509/x509_ext.h
@@ -70,13 +70,13 @@ class BOTAN_DLL Extensions : public ASN1_Object
Extensions& operator=(const Extensions&);
Extensions(const Extensions&);
- Extensions(bool st = true) : should_throw(st) {}
+ Extensions(bool st = true) : m_throw_on_unknown_critical(st) {}
~Extensions();
private:
static Certificate_Extension* get_extension(const OID&);
std::vector<std::pair<Certificate_Extension*, bool> > extensions;
- bool should_throw;
+ bool m_throw_on_unknown_critical;
};
namespace Cert_Extension {