Tolerate critical AKID in CRLs.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 17:49:32 +0000 (18:49 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 17:50:45 +0000 (18:50 +0100)
PR#3014
(cherry picked from commit 11da66f8b1fbe5777fe08cc6ace9e1f2c1576a50)

crypto/asn1/x_crl.c

index c51c690ba9d3f160a516180c98766b39dcc3dc26..3f03efbe60479453969d46f005de914ce0b34b79 100644 (file)
@@ -270,6 +270,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                                {
                                /* We handle IDP and deltas */
                                if ((nid == NID_issuing_distribution_point)
+                                       || (nid == NID_authority_key_identifier)
                                        || (nid == NID_delta_crl))
                                        break;;
                                crl->flags |= EXFLAG_CRITICAL;