Tolerate critical AKID in CRLs.
authorDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 17:49:32 +0000 (18:49 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Fri, 27 Jun 2014 17:49:32 +0000 (18:49 +0100)
PR#3014

crypto/asn1/x_crl.c

index a4dfee8..dc01063 100644 (file)
@@ -270,6 +270,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                                {
                                /* We handle IDP and deltas */
                                if ((nid == NID_issuing_distribution_point)
+                                       || (nid == NID_authority_key_identifier)
                                        || (nid == NID_delta_crl))
                                        break;;
                                crl->flags |= EXFLAG_CRITICAL;