Correctly find all critical CRL extensions

Unhandled critical CRL extensions were not detected if they appeared after the handled ones. (GitHub issue 1757). Thanks to John Chuah for reporting this. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1769)
author: Rich Salz <rsalz@openssl.org> 2016-10-22 03:53:47 -0400
committer: Rich Salz <rsalz@openssl.org> 2016-10-22 03:53:47 -0400
commit: 3ade92e785bb3777c92332f88e23f6ce906ee260 (patch)
tree: a1cd3880b5be3e2f3c9a4e6cd63ebb7e6e4622f8 /crypto
parent: 45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5 (diff)
download: openssl-new-3ade92e785bb3777c92332f88e23f6ce906ee260.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/crypto/asn1/x_crl.c b/crypto/asn1/x_crl.c
index 027950330d..c78ded89ef 100644
--- a/crypto/asn1/x_crl.c
+++ b/crypto/asn1/x_crl.c
@@ -254,6 +254,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
         for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
             int nid;
+
             ext = sk_X509_EXTENSION_value(exts, idx);
             nid = OBJ_obj2nid(ext->object);
             if (nid == NID_freshest_crl)
@@ -263,7 +264,7 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                 if ((nid == NID_issuing_distribution_point)
                     || (nid == NID_authority_key_identifier)
                     || (nid == NID_delta_crl))
-                    break;;
+                    continue;
                 crl->flags |= EXFLAG_CRITICAL;
                 break;
             }
author	Rich Salz <rsalz@openssl.org>	2016-10-22 03:53:47 -0400
committer	Rich Salz <rsalz@openssl.org>	2016-10-22 03:53:47 -0400
commit	3ade92e785bb3777c92332f88e23f6ce906ee260 (patch)
tree	a1cd3880b5be3e2f3c9a4e6cd63ebb7e6e4622f8 /crypto
parent	45f4761fdbb7b47a92ee5ed94e5485fb6218f3f5 (diff)
download	openssl-new-3ade92e785bb3777c92332f88e23f6ce906ee260.tar.gz