diff options
author | thekuwayama <thekuwayama@gmail.com> | 2019-11-19 14:54:05 +0900 |
---|---|---|
committer | Samuel Williams <samuel.williams@oriontransfer.co.nz> | 2019-11-19 18:11:11 +0900 |
commit | 7498a910d09f6a1299ddfa760ed45d1dee193f4c (patch) | |
tree | 529b407e8a3b03758d5a74fd6f65b278ebc5e716 /lib/openssl | |
parent | 531782c0dc1e0246ed2accdc9bcd88cb217d6ce4 (diff) | |
download | ruby-openssl-7498a910d09f6a1299ddfa760ed45d1dee193f4c.tar.gz |
check AIA extension is critical
Diffstat (limited to 'lib/openssl')
-rw-r--r-- | lib/openssl/x509.rb | 6 |
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb index 26a757bc..aa29fbe5 100644 --- a/lib/openssl/x509.rb +++ b/lib/openssl/x509.rb @@ -177,10 +177,6 @@ module OpenSSL aia_asn1 = parse_aia_asn1 return nil if aia_asn1.nil? - if aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE - raise ASN1::ASN1Error, "invalid extension" - end - ca_issuer = aia_asn1.value.select do |authority_info_access| authority_info_access.value.first.value == "caIssuers" end @@ -210,7 +206,7 @@ module OpenSSL return nil if ext.nil? aia_asn1 = ASN1.decode(ext.value_der) - if aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE + if ext.critical? || aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE raise ASN1::ASN1Error, "invalid extension" end |