From 94a6796179e1a958a2e2e89faca7801f759aea3e Mon Sep 17 00:00:00 2001
From: Paul Bakker <p.j.bakker@polarssl.org>
Date: Thu, 23 Aug 2012 13:03:52 +0000
Subject: [PATCH]  - Correctly handle MS certificate's key usage bits

---
 library/x509parse.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/x509parse.c b/library/x509parse.c
index 1ed3fdc12..3513f1b34 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -765,7 +765,7 @@ static int x509_get_key_usage( unsigned char **p,
     if( ( ret = asn1_get_bitstring( p, end, &bs ) ) != 0 )
         return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS + ret );
 
-    if( bs.len > 1 )
+    if( bs.len < 1 )
         return( POLARSSL_ERR_X509_CERT_INVALID_EXTENSIONS +
                 POLARSSL_ERR_ASN1_INVALID_LENGTH );