Skip to content

reject crls with unrecognized critical extensions#10239

Open
gasbytes wants to merge 1 commit intowolfSSL:masterfrom
gasbytes:crl-idp-extension-fix
Open

reject crls with unrecognized critical extensions#10239
gasbytes wants to merge 1 commit intowolfSSL:masterfrom
gasbytes:crl-idp-extension-fix

Conversation

@gasbytes
Copy link
Copy Markdown
Contributor

@gasbytes gasbytes commented Apr 16, 2026

Description

reject crls with unrecognized critical extensions per rfc 5280 section 5.2

Fixes zd#21634

Testing

make -j8 && make check (changes includes two tests covering the appropriate involved paths)

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

julek-wolfssl
julek-wolfssl requested changes Apr 16, 2026
View reviewed changes
Comment thread wolfcrypt/src/asn_orig.c Outdated
WOLFSSL_MSG("\tfound optional critical flag, moving past");
ret = GetBoolean(buf, &idx, sz);
{
int critical = 0;
Copy link
Copy Markdown
Member

@julek-wolfssl julek-wolfssl Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Place at start of block. Less blocks please.

Comment thread tests/api/test_certman.c
Copy link
Copy Markdown
Member

@julek-wolfssl julek-wolfssl Apr 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the validity time for these CRLs? How were they generated? When will they or the certs they are signed by expire?

@gasbytes gasbytes removed the request for review from rizlik April 16, 2026 18:29
@gasbytes gasbytes force-pushed the crl-idp-extension-fix branch from 1929fe3 to 3bee038 Compare April 16, 2026 18:46
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 16, 2026
edited
Loading

MemBrowse Memory Report

No memory changes detected for:

@gasbytes gasbytes force-pushed the crl-idp-extension-fix branch from 3bee038 to 09e2347 Compare April 16, 2026 19:24
@gasbytes
Copy link
Copy Markdown
Contributor Author

gasbytes commented Apr 16, 2026

Jenkins retest this please

@gasbytes gasbytes requested a review from julek-wolfssl April 16, 2026 20:57
@gasbytes gasbytes assigned wolfSSL-Bot and unassigned gasbytes Apr 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@julek-wolfssl julek-wolfssl Awaiting requested review from julek-wolfssl

Requested changes must be addressed to merge this pull request.

Assignees

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@gasbytes @julek-wolfssl @wolfSSL-Bot