diff options
Diffstat (limited to 'src/crypto/x509/verify.go')
-rw-r--r-- | src/crypto/x509/verify.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go index 29345a1755..67f9ff530e 100644 --- a/src/crypto/x509/verify.go +++ b/src/crypto/x509/verify.go @@ -191,6 +191,10 @@ func matchNameConstraint(domain, constraint string) bool { // isValid performs validity checks on the c. func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *VerifyOptions) error { + if len(c.UnhandledCriticalExtensions) > 0 { + return UnhandledCriticalExtension{} + } + if len(currentChain) > 0 { child := currentChain[len(currentChain)-1] if !bytes.Equal(child.RawIssuer, c.RawSubject) { @@ -279,10 +283,6 @@ func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err e return c.systemVerify(&opts) } - if len(c.UnhandledCriticalExtensions) > 0 { - return nil, UnhandledCriticalExtension{} - } - if opts.Roots == nil { opts.Roots = systemRootsPool() if opts.Roots == nil { |