From a0f1c9dbe448eba9b3ea5c22f12bc179fbe7dff5 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Tue, 21 Aug 2018 10:57:04 -0700
Subject: [PATCH] Make the check of the certificate extension critical flag
 optional based on compile option.

---
 wolfcrypt/src/asn.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 836943638..ead6cc66a 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -7000,13 +7000,15 @@ static int DecodeCertExtensions(DecodedCert* cert)
                 break;
 
             default:
+            #ifndef WOLFSSL_NO_ASN_STRICT
                 /* While it is a failure to not support critical extensions,
                  * still parse the certificate ignoring the unsupported
                  * extension to allow caller to accept it with the verify
                  * callback. */
                 if (critical)
                     criticalFail = 1;
-                break;
+            #endif
+            break;
         }
         idx += length;
     }