Commit 16bad0c7 authored by Nikos Mavrogiannopoulos's avatar Nikos Mavrogiannopoulos
Browse files

decoding: added flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME



This flag allows decoding errors in time fields even when
in strict DER mode. That is introduced in order to allow
toleration of invalid times in certificates (which are common)
even though strict DER adherence is enforced in other fields.
Signed-off-by: Nikos Mavrogiannopoulos's avatarNikos Mavrogiannopoulos <nmav@redhat.com>
parent 42ca3d7d
......@@ -332,7 +332,7 @@ _asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *r
return ASN1_TIME_ENCODING_ERROR;
}
if (flags & ASN1_DECODE_FLAG_STRICT_DER)
if ((flags & ASN1_DECODE_FLAG_STRICT_DER) && !(flags & ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME))
{
p = &der[len_len];
for (i=0;i<(unsigned)(str_len-1);i++)
......
......@@ -191,6 +191,8 @@ extern "C"
#define ASN1_DECODE_FLAG_ALLOW_PADDING 1
/* This flag would ensure that no BER decoding takes place */
#define ASN1_DECODE_FLAG_STRICT_DER (1<<1)
/* This flag will tolerate Time encoding errors when in strict DER */
#define ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME (1<<2)
struct asn1_data_node_st
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment