diff options
author | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-09-03 18:53:24 +0000 |
---|---|---|
committer | awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-09-03 18:53:24 +0000 |
commit | 6f9829e498768c5e4233770e385ec8c3df5ba8d4 (patch) | |
tree | 5207ff8ae02a22406c9a3f4396e9adc83d111e8a | |
parent | 9cd3061f3ba41bf49afa0bb4d2bfa0a0a97d775e (diff) | |
download | pki-6f9829e498768c5e4233770e385ec8c3df5ba8d4.tar.gz pki-6f9829e498768c5e4233770e385ec8c3df5ba8d4.tar.xz pki-6f9829e498768c5e4233770e385ec8c3df5ba8d4.zip |
Fixed bugzilla bug #514270.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@787 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rwxr-xr-x | pki/base/util/src/netscape/security/x509/X509CRLImpl.java | 25 |
1 files changed, 14 insertions, 11 deletions
diff --git a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java index 351ed1c70..8e74af6d2 100755 --- a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java +++ b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java @@ -1019,18 +1019,21 @@ public class X509CRLImpl extends X509CRL { // revokedCertificates (optional) nextByte = (byte)derStrm.peekByte(); - if (includeEntries && (nextByte == DerValue.tag_SequenceOf) + if ((nextByte == DerValue.tag_SequenceOf) && (! ((nextByte & 0x0c0) == 0x080))) { - DerValue[] badCerts = derStrm.getSequence(4); - for (int i = 0; i < badCerts.length; i++) { - RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]); - if (entry.hasExtensions() && (version == 0)) - throw new CRLException("Invalid encoding, extensions" + - " not supported in CRL v1 entries."); - - - revokedCerts.put(entry.getSerialNumber(), - (RevokedCertificate)entry); + if (includeEntries) { + DerValue[] badCerts = derStrm.getSequence(4); + for (int i = 0; i < badCerts.length; i++) { + RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]); + if (entry.hasExtensions() && (version == 0)) + throw new CRLException("Invalid encoding, extensions" + + " not supported in CRL v1 entries."); + + revokedCerts.put(entry.getSerialNumber(), + (RevokedCertificate)entry); + } + } else { + derStrm.skipSequence(4); } } |