Merge pull request #1773 from ejohnstown/critical-option

Certificate Extension Critical Check Optionality
2018-08-23 08:21:19 -07:00 · 2018-08-23 08:21:19 -07:00 · 8477d5ba1b
parent 5ce1757e05 a0f1c9dbe4
commit 8477d5ba1b
1 changed files with 3 additions and 1 deletions
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@ -7000,13 +7000,15 @@ static int DecodeCertExtensions(DecodedCert* cert)
                break;

            default:
+            #ifndef WOLFSSL_NO_ASN_STRICT
                /* While it is a failure to not support critical extensions,
                 * still parse the certificate ignoring the unsupported
                 * extension to allow caller to accept it with the verify
                 * callback. */
                if (critical)
                    criticalFail = 1;
-                break;
+            #endif
+            break;
        }
        idx += length;
    }