From 126778679f9edc8ff2de38feddaf84759936939d Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Fri, 12 Jul 2013 09:00:47 +0200
Subject: [PATCH] Recognize critical IssuingDistributionPoint CRL extension

---
 src/libstrongswan/asn1/oid.txt                  | 2 +-
 src/libstrongswan/plugins/openssl/openssl_crl.c | 4 ++++
 src/libstrongswan/plugins/x509/x509_crl.c       | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 6030aa111..740dc5073 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -48,7 +48,7 @@
     0x17                     "holdInstructionCode"
     0x18                     "invalidityDate"
     0x1B                     "deltaCrlIndicator"		OID_DELTA_CRL_INDICATOR
-    0x1C                     "issuingDistributionPoint"
+    0x1C                     "issuingDistributionPoint"	OID_ISSUING_DIST_POINT
     0x1D                     "certificateIssuer"
     0x1E                     "nameConstraints"			OID_NAME_CONSTRAINTS
     0x1F                     "crlDistributionPoints"	OID_CRL_DISTRIBUTION_POINTS
diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c
index d4f36f58b..18aa5ceca 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crl.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crl.c
@@ -464,6 +464,10 @@ static bool parse_extensions(private_openssl_crl_t *this)
 				case NID_crl_number:
 					ok = parse_crlNumber_ext(this, ext);
 					break;
+				case NID_issuing_distribution_point:
+					/* TODO support of IssuingDistributionPoints */
+					ok = TRUE;
+					break;
 				default:
 					ok = X509_EXTENSION_get_critical(ext) == 0 ||
 						 !lib->settings->get_bool(lib->settings,
diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c
index 5350d4a51..efb70c94c 100644
--- a/src/libstrongswan/plugins/x509/x509_crl.c
+++ b/src/libstrongswan/plugins/x509/x509_crl.c
@@ -320,6 +320,9 @@ static bool parse(private_x509_crl_t *this)
 						}
 						this->baseCrlNumber = object;
 						break;
+					case OID_ISSUING_DIST_POINT:
+						/* TODO support of IssuingDistributionPoints */
+						break;
 					default:
 						if (critical && lib->settings->get_bool(lib->settings,
 							"libstrongswan.x509.enforce_critical", TRUE))