author | lloyd <[email protected]> | 2014-04-05 18:40:11 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-04-05 18:40:11 +0000 |
commit | 2bcb87efa3187ea2dca7cd506dade7bd90066830 (patch) | |
tree | cb55590b9e6042edd7f87634c4db0b14a0bba031 /src/lib/cert | |
parent | cdf34c4c43c6ebc480fe99024593afb1d31e74b0 (diff) |
Make X.509 extension decoding failures point back to the problem extension
Diffstat (limited to 'src/lib/cert')
-rw-r--r-- | src/lib/cert/x509/x509_ext.cpp | 23 | ||||
-rw-r--r-- | src/lib/cert/x509/x509_ext.h | 4 |
2 files changed, 17 insertions, 10 deletions
diff --git a/src/lib/cert/x509/x509_ext.cpp b/src/lib/cert/x509/x509_ext.cpp
index f058357c1..f56014ab7 100644
--- a/src/lib/cert/x509/x509_ext.cpp
+++ b/src/lib/cert/x509/x509_ext.cpp
@@ -128,19 +128,26 @@ void Extensions::decode_from(BER_Decoder& from_source)
 Certificate_Extension* ext = get_extension(oid);
- if(!ext)
- {
- if(!critical || !should_throw)
- continue;
-
+ if(!ext && critical && m_throw_on_unknown_critical)
 throw Decoding_Error("Encountered unknown X.509 extension marked "
 "as critical; OID = " + oid.as_string());
- }
- ext->decode_inner(value);
+ if(ext)
+ {
+ try
+ {
+ ext->decode_inner(value);
+ }
+ catch(std::exception& e)
+ {
+ throw Decoding_Error("Exception while decoding extension " +
+ oid.as_string() + ": " + e.what());
+ }
- extensions.push_back(std::make_pair(ext, critical));
+ extensions.push_back(std::make_pair(ext, critical));
+ }
 }
+
 sequence.verify_end();
 }
diff --git a/src/lib/cert/x509/x509_ext.h b/src/lib/cert/x509/x509_ext.h
index 20be18a71..963a0ea68 100644
--- a/src/lib/cert/x509/x509_ext.h
+++ b/src/lib/cert/x509/x509_ext.h
@@ -70,13 +70,13 @@ class BOTAN_DLL Extensions : public ASN1_Object
 Extensions& operator=(const Extensions&);
 Extensions(const Extensions&);
- Extensions(bool st = true) : should_throw(st) {}
+ Extensions(bool st = true) : m_throw_on_unknown_critical(st) {}
 ~Extensions();
 private:
 static Certificate_Extension* get_extension(const OID&);
 std::vector<std::pair<Certificate_Extension*, bool> > extensions;
- bool should_throw;
+ bool m_throw_on_unknown_critical;
 };
 namespace Cert_Extension { |
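Review bot: The new catch block in `Extensions::decode_from` rethrows without releasing `ext`, so if `get_extension(oid)` hands back a freshly allocated object (it returns a raw `Certificate_Extension*`; its body is not visible here), every extension whose `decode_inner` fails is leaked. This path is taken for malformed certificate data, so a process that keeps parsing bad input would grow in memory; adding `delete ext;` as the first statement of the catch block, or holding the pointer in a `std::unique_ptr` and passing `ext.release()` to `push_back`, would close that. The handler could also bind `const std::exception& e`, since it only reads `what()`. The function starts above this hunk, so the ownership assumption should be confirmed against `get_extension` and `~Extensions()`.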
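Review bot: `Extensions(bool st = true)` remains a converting constructor with an opaque parameter name, so a stray `bool` silently becomes an `Extensions` object and nothing at the declaration says what passing `false` does. Going by the matching change in x509_ext.cpp, `false` makes decoding skip unknown extensions marked critical without recording them, which is a security-relevant relaxation worth stating where callers see it. I would write `explicit Extensions(bool throw_on_unknown_critical = true)` and put a comment above it such as `// If false, unknown extensions marked critical are silently skipped during decoding instead of raising Decoding_Error`. Making it `explicit` would break any caller that relies on the implicit conversion, which cannot be checked from this hunk; the class declaration starts above it.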