Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21230)
int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
int lastpos)
{
- int n;
+ int n, c;
X509_EXTENSION *ex;
if (sk == NULL)
n = sk_X509_EXTENSION_num(sk);
for (; lastpos < n; lastpos++) {
ex = sk_X509_EXTENSION_value(sk, lastpos);
- if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
+ c = X509_EXTENSION_get_critical(ex);
+ crit = crit != 0;
+ if (c == crit)
return lastpos;
}
return -1;
{
if (ex == NULL)
return 0;
- ex->critical = (crit) ? 0xFF : -1;
+ ex->critical = (crit) ? 0xFF : 0;
return 1;
}
ASN1_SEQUENCE(X509_EXTENSION) = {
ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
- ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+ ASN1_OPT(X509_EXTENSION, critical, ASN1_FBOOLEAN),
ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(X509_EXTENSION)