TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 565b52bb727a81b82ad07a9bcca5ca033b554a24^! / . / library / x509_crt.c
commit565b52bb727a81b82ad07a9bcca5ca033b554a24[log] [tgz]
authorNicola Di Lieto <nicola.dilieto@gmail.com>Fri May 29 22:46:56 2020 +0200
committerNicola Di Lieto <nicola.dilieto@gmail.com>Fri May 29 23:09:47 2020 +0200
treed20b091276459dab277f7a0bd72f4b3f89e8a2f4
parent5659e7e8896186fcae67af773708059894e60772 [diff] [blame]
mbedtls_x509_crt_parse_der_with_ext_cb improvement

Continue parsing when the callback fails to parse a non critical
exception. Also document the behaviour more extensively and pass
the callback error code to the caller unaltered.

See https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630548
and https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630968

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>

diff --git a/library/x509_crt.c b/library/x509_crt.c
index 99d3be2..490b524 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c

@@ -961,8 +961,8 @@
             if( cb != NULL )
             {
                 ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet );
-                if( ret != 0 )
-                    return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
+                if( ret != 0 && is_critical )
+                    return( ret );
                 *p = end_ext_octet;
                 continue;
             }