Fixed bugzilla bug #514270.

git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@787 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
author: awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-09-03 18:53:24 +0000
committer: awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> 2009-09-03 18:53:24 +0000
commit: 6f9829e498768c5e4233770e385ec8c3df5ba8d4 (patch)
tree: 5207ff8ae02a22406c9a3f4396e9adc83d111e8a /pki/base/util/src/netscape/security
parent: 9cd3061f3ba41bf49afa0bb4d2bfa0a0a97d775e (diff)
download: pki-6f9829e498768c5e4233770e385ec8c3df5ba8d4.tar.gz
pki-6f9829e498768c5e4233770e385ec8c3df5ba8d4.tar.xz
pki-6f9829e498768c5e4233770e385ec8c3df5ba8d4.zip
1 files changed, 14 insertions, 11 deletions
diff --git a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
index 351ed1c70..8e74af6d2 100755
--- a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
+++ b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java
@@ -1019,18 +1019,21 @@ public class X509CRLImpl extends X509CRL {
 
         // revokedCertificates (optional)
         nextByte = (byte)derStrm.peekByte();
-        if (includeEntries && (nextByte == DerValue.tag_SequenceOf)
+        if ((nextByte == DerValue.tag_SequenceOf)
             && (! ((nextByte & 0x0c0) == 0x080))) {
-            DerValue[] badCerts = derStrm.getSequence(4);
-            for (int i = 0; i < badCerts.length; i++) {
-                RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]);
-                if (entry.hasExtensions() && (version == 0))
-                    throw new CRLException("Invalid encoding, extensions" +
-                        " not supported in CRL v1 entries.");
-
-
-                revokedCerts.put(entry.getSerialNumber(),
-                                 (RevokedCertificate)entry);
+            if (includeEntries) {
+                DerValue[] badCerts = derStrm.getSequence(4);
+                for (int i = 0; i < badCerts.length; i++) {
+                    RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]);
+                    if (entry.hasExtensions() && (version == 0))
+                        throw new CRLException("Invalid encoding, extensions" +
+                            " not supported in CRL v1 entries.");
+
+                    revokedCerts.put(entry.getSerialNumber(),
+                                     (RevokedCertificate)entry);
+                }
+            } else {
+                derStrm.skipSequence(4);
             }
         }
author	awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-09-03 18:53:24 +0000
committer	awnuk <awnuk@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>	2009-09-03 18:53:24 +0000
commit	6f9829e498768c5e4233770e385ec8c3df5ba8d4 (patch)
tree	5207ff8ae02a22406c9a3f4396e9adc83d111e8a /pki/base/util/src/netscape/security
parent	9cd3061f3ba41bf49afa0bb4d2bfa0a0a97d775e (diff)
download	pki-6f9829e498768c5e4233770e385ec8c3df5ba8d4.tar.gz pki-6f9829e498768c5e4233770e385ec8c3df5ba8d4.tar.xz pki-6f9829e498768c5e4233770e385ec8c3df5ba8d4.zip