Respect configuration parameters for if an extension should be

marked critical in a new certificate.
author: lloyd <[email protected]> 2006-06-25 06:06:03 +0000
committer: lloyd <[email protected]> 2006-06-25 06:06:03 +0000
commit: c245cbdee2e3df68fa626c7e48e1a2f9e8b83e6b (patch)
tree: 3b6a9771f4ad4ce0d2bcecab91d6012ebe0eee76 /src
parent: 10a5f69fba2b5e5b5a93343c3e3f7a1e79879894 (diff)
1 files changed, 14 insertions, 2 deletions
diff --git a/src/x509_ext.cpp b/src/x509_ext.cpp
index ddb99a8fb..4cb462d5e 100644
--- a/src/x509_ext.cpp
+++ b/src/x509_ext.cpp
@@ -35,9 +35,21 @@ void Extensions::encode_into(DER_Encoder& to_object) const
       {
       const Certificate_Extension* ext = extensions[j];
 
-      bool is_critical = false;
+      std::string setting;
 
-      bool should_encode = ext->should_encode();
+      if(ext->config_id() != "")
+         setting = Config::get_string("x509/exts/" + ext->config_id());
+
+      if(setting == "")
+         setting = "yes";
+
+      if(setting != "yes" && setting != "no" && setting != "critical")
+         throw Invalid_Argument("X509_CA:: Invalid value for option "
+                                "x509/exts/" + ext->config_id() + " of " +
+                                setting);
+
+      bool is_critical = (setting == "critical");
+      bool should_encode = ext->should_encode() && (setting != "no");
 
       if(should_encode)
          {
author	lloyd <[email protected]>	2006-06-25 06:06:03 +0000
committer	lloyd <[email protected]>	2006-06-25 06:06:03 +0000
commit	c245cbdee2e3df68fa626c7e48e1a2f9e8b83e6b (patch)
tree	3b6a9771f4ad4ce0d2bcecab91d6012ebe0eee76 /src
parent	10a5f69fba2b5e5b5a93343c3e3f7a1e79879894 (diff)