check AIA extension is critical

author: thekuwayama <thekuwayama@gmail.com> 2019-11-19 14:54:05 +0900
committer: Samuel Williams <samuel.williams@oriontransfer.co.nz> 2019-11-19 18:11:11 +0900
commit: 7498a910d09f6a1299ddfa760ed45d1dee193f4c (patch)
tree: 529b407e8a3b03758d5a74fd6f65b278ebc5e716 /lib
parent: 531782c0dc1e0246ed2accdc9bcd88cb217d6ce4 (diff)
download: ruby-openssl-7498a910d09f6a1299ddfa760ed45d1dee193f4c.tar.gz
1 files changed, 1 insertions, 5 deletions
diff --git a/lib/openssl/x509.rb b/lib/openssl/x509.rb
index 26a757bc..aa29fbe5 100644
--- a/lib/openssl/x509.rb
+++ b/lib/openssl/x509.rb
@@ -177,10 +177,6 @@ module OpenSSL
           aia_asn1 = parse_aia_asn1
           return nil if aia_asn1.nil?
 
-          if aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
-            raise ASN1::ASN1Error, "invalid extension"
-          end
-
           ca_issuer = aia_asn1.value.select do |authority_info_access|
             authority_info_access.value.first.value == "caIssuers"
           end
@@ -210,7 +206,7 @@ module OpenSSL
             return nil if ext.nil?
 
             aia_asn1 = ASN1.decode(ext.value_der)
-            if aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
+            if ext.critical? || aia_asn1.tag_class != :UNIVERSAL || aia_asn1.tag != ASN1::SEQUENCE
               raise ASN1::ASN1Error, "invalid extension"
             end
author	thekuwayama <thekuwayama@gmail.com>	2019-11-19 14:54:05 +0900
committer	Samuel Williams <samuel.williams@oriontransfer.co.nz>	2019-11-19 18:11:11 +0900
commit	7498a910d09f6a1299ddfa760ed45d1dee193f4c (patch)
tree	529b407e8a3b03758d5a74fd6f65b278ebc5e716 /lib
parent	531782c0dc1e0246ed2accdc9bcd88cb217d6ce4 (diff)
download	ruby-openssl-7498a910d09f6a1299ddfa760ed45d1dee193f4c.tar.gz