From 6f9829e498768c5e4233770e385ec8c3df5ba8d4 Mon Sep 17 00:00:00 2001 From: awnuk Date: Thu, 3 Sep 2009 18:53:24 +0000 Subject: Fixed bugzilla bug #514270. git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@787 c9f7a03b-bd48-0410-a16d-cbbf54688b0b --- .../src/netscape/security/x509/X509CRLImpl.java | 25 ++++++++++++---------- 1 file changed, 14 insertions(+), 11 deletions(-) (limited to 'pki/base/util/src') diff --git a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java index 351ed1c70..8e74af6d2 100755 --- a/pki/base/util/src/netscape/security/x509/X509CRLImpl.java +++ b/pki/base/util/src/netscape/security/x509/X509CRLImpl.java @@ -1019,18 +1019,21 @@ public class X509CRLImpl extends X509CRL { // revokedCertificates (optional) nextByte = (byte)derStrm.peekByte(); - if (includeEntries && (nextByte == DerValue.tag_SequenceOf) + if ((nextByte == DerValue.tag_SequenceOf) && (! ((nextByte & 0x0c0) == 0x080))) { - DerValue[] badCerts = derStrm.getSequence(4); - for (int i = 0; i < badCerts.length; i++) { - RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]); - if (entry.hasExtensions() && (version == 0)) - throw new CRLException("Invalid encoding, extensions" + - " not supported in CRL v1 entries."); - - - revokedCerts.put(entry.getSerialNumber(), - (RevokedCertificate)entry); + if (includeEntries) { + DerValue[] badCerts = derStrm.getSequence(4); + for (int i = 0; i < badCerts.length; i++) { + RevokedCertImpl entry = new RevokedCertImpl(badCerts[i]); + if (entry.hasExtensions() && (version == 0)) + throw new CRLException("Invalid encoding, extensions" + + " not supported in CRL v1 entries."); + + revokedCerts.put(entry.getSerialNumber(), + (RevokedCertificate)entry); + } + } else { + derStrm.skipSequence(4); } } -- cgit