x509: Don't break when cA field of BasicConstraints is missing

The field defaults to FALSE. It sucks that libtasn1 doesn't
fill this in for us.

https://bugs.freedesktop.org/show_bug.cgi?id=61975

diff --git a/common/x509.c b/common/x509.c
index 46e3bd965ef28c87fa5553fb72b4fd3b12c5dea7..f86d2b3498ad4d1c33e78322bc820b51eeb1874b 100644 (file)
--- a/common/x509.c
+++ b/common/x509.c
@@ -122,9 +122,16 @@ p11_x509_parse_basic_constraints (p11_dict *asn1_defs,
 
        len = sizeof (buffer);
        ret = asn1_read_value (ext, "cA", buffer, &len);
-       return_val_if_fail (ret == ASN1_SUCCESS, false);
 
-       *is_ca = (strcmp (buffer, "TRUE") == 0);
+       /* Default value for cA is FALSE */
+       if (ret == ASN1_ELEMENT_NOT_FOUND) {
+               *is_ca = false;
+
+       } else {
+               return_val_if_fail (ret == ASN1_SUCCESS, false);
+               *is_ca = (strcmp (buffer, "TRUE") == 0);
+       }
+
        asn1_delete_structure (&ext);
 
        return true;