x509: Ensure extensions are encoded even if others are missing

As with the previous commit, this is probably never an issue in practice
as most certificates contain at least one SAN.
Tobias Brunner 2023-11-15 17:08:46 +01:00
parent ba08e01b86
commit 74ae71d2b8


@ -2635,8 +2635,12 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert,
asn1_simple_object(ASN1_OCTET_STRING, chunk_empty));
}
if (basicConstraints.ptr || subjectAltNames.ptr || authKeyIdentifier.ptr ||
crlDistributionPoints.ptr || nameConstraints.ptr || ipAddrBlocks.ptr)
if (basicConstraints.ptr || keyUsage.ptr || subjectKeyIdentifier.ptr ||
authKeyIdentifier.ptr || subjectAltNames.ptr || extendedKeyUsage.ptr ||
crlDistributionPoints.ptr || authorityInfoAccess.ptr ||
nameConstraints.ptr || certPolicies.ptr || policyMappings.ptr ||
policyConstraints.ptr || inhibitAnyPolicy.ptr || ipAddrBlocks.ptr ||
criticalExtension.ptr)
{
extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m",
asn1_wrap(ASN1_SEQUENCE, "mmmmmmmmmmmmmmm",
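Review bot: The widened `if` now has to name by hand the same fifteen chunks that the `"mmmmmmmmmmmmmmm"` wrap below consumes, and nothing ties the two lists together, so the next extension added to the sequence can again be left out of the guard and dropped from the certificate without an error. For a certificate that requested only, say, `keyUsage`, `nameConstraints` or the critical extension, that failure mode yields a less constrained certificate than was asked for, so it deserves a comment above the condition such as `/* must list every chunk passed to the extensions SEQUENCE below, otherwise it is silently omitted */`. A generation test that requests a single extension and no SAN, then checks that the extension survives parsing, would guard this as well. The `asn1_wrap()` argument list continues past the end of the hunk, so the match between the condition and the arguments is inferred from the format string only.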