Hi All,

I am Ramanujan. I am using openssl code version 0.9.7l in our application. While doing CRL verification, the SSL handshake failed. After debugging the openssl code, I found that the openssl code does not handle critical extensions.

Here is the code snippet:

    exts = crl->crl->extensions;
    for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
        {
        ext = sk_X509_EXTENSION_value(exts, idx);
        if (ext->critical > 0)
            {
            ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
            // fprintf(fp2,"INST: Unhandled CRL extensions %s", ctime(&now));
            ok = ctx->verify_cb(0, ctx);
            if(!ok) return 0;
            break;
            }
        }

Is this the expected behaviour, since openssl is unable to process the CRL file with critical extensions? Why are we not handling CRL files with critical extensions? Is there any reason behind this? Do you have a fix for this in the latest version of the openssl code? Please clarify.

Thanks,
Ramanujan
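The loop quoted in the post stops at the first extension whose critical flag is set, so the first diagnostic step is finding out which extension in the CRL that is. The following is an added example, not code from the original post or from OpenSSL: a stand-alone walker over a DER-encoded crlExtensions sequence. The names `read_tlv`, `first_critical` and the `sample` bytes are constructed for illustration, and only short-form DER lengths (under 128 bytes) are handled.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed sample: DER crlExtensions holding cRLNumber (2.5.29.20,
 * not critical) followed by issuingDistributionPoint (2.5.29.28, critical). */
static const unsigned char sample[] = {
    0x30, 0x1A,
    0x30, 0x0A, 0x06, 0x03, 0x55, 0x1D, 0x14, 0x04, 0x03, 0x02, 0x01, 0x01,
    0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x1C, 0x01, 0x01, 0xFF, 0x04, 0x02, 0x30, 0x00
};

/* Read one TLV with the expected tag; returns bytes consumed, 0 if absent or malformed. */
static size_t read_tlv(const unsigned char *p, size_t avail, unsigned char tag,
                       const unsigned char **val, size_t *len)
{
    if (avail < 2 || p[0] != tag || p[1] >= 0x80 || (size_t)p[1] > avail - 2)
        return 0;
    *val = p + 2;
    *len = p[1];
    return 2 + *len;
}

/* Index of the first critical extension (OID bytes in *oid); -1 none, -2 malformed. */
int first_critical(const unsigned char *der, size_t n,
                   const unsigned char **oid, size_t *oidlen)
{
    const unsigned char *seq, *ext, *flag;
    size_t seqlen, extlen, flaglen, used;
    if (n == 0 || read_tlv(der, n, 0x30, &seq, &seqlen) != n)
        return -2;
    for (int idx = 0; seqlen > 0; idx++) {
        if ((used = read_tlv(seq, seqlen, 0x30, &ext, &extlen)) == 0)
            return -2;
        seq += used; seqlen -= used;
        if ((used = read_tlv(ext, extlen, 0x06, oid, oidlen)) == 0)
            return -2;
        /* critical is BOOLEAN DEFAULT FALSE, so DER encodes it only when TRUE */
        if (read_tlv(ext + used, extlen - used, 0x01, &flag, &flaglen)
            && flaglen == 1 && flag[0] != 0)
            return idx;
    }
    return -1;
}

int main(void)
{
    const unsigned char *oid; size_t len;
    printf("index %d\n", first_critical(sample, sizeof sample, &oid, &len));
    return 0;
}
```

On the constructed sample the walker reports index 1, the issuingDistributionPoint entry, which is the kind of extension that would make the quoted loop set X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION.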