Skip optional subject/issuer unique IDs

base-org · Dec 8, 2024 · d0899d8 · d0899d8
1 parent e94a3ec
commit d0899d8
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/src/CertManager.sol b/src/CertManager.sol
@@ -129,6 +129,15 @@ contract CertManager is ICertManager {
         Asn1Ptr subjectPublicKeyInfoPtr = certificate.nextSiblingOf(subjectPtr);
         Asn1Ptr extensionsPtr = certificate.nextSiblingOf(subjectPublicKeyInfoPtr);
 
+        if (certificate[extensionsPtr.header()] == 0x81) {
+            // skip optional issuerUniqueID
+            extensionsPtr = certificate.nextSiblingOf(extensionsPtr);
+        }
+        if (certificate[extensionsPtr.header()] == 0x82) {
+            // skip optional subjectUniqueID
+            extensionsPtr = certificate.nextSiblingOf(extensionsPtr);
+        }
+
         notAfter = _verifyValidity(certificate, validityPtr);
         maxPathLen = _verifyExtensions(certificate, extensionsPtr, clientCert);
         pubKey = _parsePubKey(certificate, subjectPublicKeyInfoPtr);