From 0c5af0c28f23f75f93e253aeccb00c5ad20c116e Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Wed, 23 Apr 2014 12:31:35 +0200 Subject: Update OpenSSL to 1.0.1g --- main/openssl/crypto/x509/x509_vfy.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'main/openssl/crypto/x509/x509_vfy.c') diff --git a/main/openssl/crypto/x509/x509_vfy.c b/main/openssl/crypto/x509/x509_vfy.c index 5195ffef..920066ae 100644 --- a/main/openssl/crypto/x509/x509_vfy.c +++ b/main/openssl/crypto/x509/x509_vfy.c @@ -1462,10 +1462,9 @@ static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) * a certificate was revoked. This has since been changed since * critical extension can change the meaning of CRL entries. */ - if (crl->flags & EXFLAG_CRITICAL) + if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) + && (crl->flags & EXFLAG_CRITICAL)) { - if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL) - return 1; ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION; ok = ctx->verify_cb(0, ctx); if(!ok) -- cgit v1.2.3