diff options
Diffstat (limited to 'src/lib/libcrypto/x509/x509_purp.c')
| -rw-r--r-- | src/lib/libcrypto/x509/x509_purp.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c index 4d833f73ba..ffd986b4a1 100644 --- a/src/lib/libcrypto/x509/x509_purp.c +++ b/src/lib/libcrypto/x509/x509_purp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_purp.c,v 1.14 2022/04/21 04:24:51 tb Exp $ */ | 1 | /* $OpenBSD: x509_purp.c,v 1.15 2022/04/21 04:48:12 tb Exp $ */ |
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| 3 | * project 2001. | 3 | * project 2001. |
| 4 | */ | 4 | */ |
| @@ -600,9 +600,13 @@ x509v3_cache_extensions(X509 *x) | |||
| 600 | x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL); | 600 | x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL); |
| 601 | if (x->rfc3779_addr == NULL && i != -1) | 601 | if (x->rfc3779_addr == NULL && i != -1) |
| 602 | x->ex_flags |= EXFLAG_INVALID; | 602 | x->ex_flags |= EXFLAG_INVALID; |
| 603 | if (!X509v3_addr_is_canonical(x->rfc3779_addr)) | ||
| 604 | x->ex_flags |= EXFLAG_INVALID; | ||
| 603 | x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, &i, NULL); | 605 | x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, &i, NULL); |
| 604 | if (x->rfc3779_asid == NULL && i != -1) | 606 | if (x->rfc3779_asid == NULL && i != -1) |
| 605 | x->ex_flags |= EXFLAG_INVALID; | 607 | x->ex_flags |= EXFLAG_INVALID; |
| 608 | if (!X509v3_asid_is_canonical(x->rfc3779_asid)) | ||
| 609 | x->ex_flags |= EXFLAG_INVALID; | ||
| 606 | #endif | 610 | #endif |
| 607 | 611 | ||
| 608 | for (i = 0; i < X509_get_ext_count(x); i++) { | 612 | for (i = 0; i < X509_get_ext_count(x); i++) { |