mbedtls_x509_crt_parse_der_with_ext_cb improvement
Continue parsing when the callback fails to parse a non critical
exception. Also document the behaviour more extensively and pass
the callback error code to the caller unaltered.
See https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630548
and https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630968
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 296b472..9a9b397 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -317,9 +317,14 @@
* \param p Pointer to the start of the extension value
* (the content of the OCTET STRING).
* \param end End of extension value.
- *
- * \note The callback must fail and return a negative error code if
- * it can not parse or does not support the extension.
+ *
+ * \note The callback must fail and return a negative error code
+ * if it can not parse or does not support the extension.
+ * When the callback fails to parse a critical extension
+ * mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
+ * When the callback fails to parse a non critical extension
+ * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
+ * the extension and continues parsing.
*
* \return \c 0 on success.
* \return A negative error code on failure.
@@ -358,6 +363,11 @@
* certificate extension.
* The callback must return a negative error code if it
* does not know how to handle such an extension.
+ * When the callback fails to parse a critical extension
+ * mbedtls_x509_crt_parse_der_with_ext_cb() also fails.
+ * When the callback fails to parse a non critical extension
+ * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips
+ * the extension and continues parsing.
*
* \return \c 0 if successful.
* \return A negative error code on failure.