diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c
index 71ac6b95b..76b6ba159 100644
--- a/src/tls/x509v3.c
+++ b/src/tls/x509v3.c
@@ -852,6 +852,12 @@ static int x509_parse_ext_basic_constraints(struct x509_certificate *cert,
 hdr.length);
 return -1;
 }
+ if (hdr.payload[0] != 0 && hdr.payload[0] != 0xff) {
+ wpa_printf(MSG_DEBUG,
+ "X509: Invalid cA BOOLEAN value 0x%x in BasicConstraints (DER requires 0 or 0xff)",
+ hdr.payload[0]);
+ return -1;
+ }
 cert->ca = hdr.payload[0];
 pos = hdr.payload + hdr.length;
@@ -1312,6 +1318,12 @@ static int x509_parse_extension(struct x509_certificate *cert,
 "Boolean length (%u)", hdr.length);
 return -1;
 }
+ if (hdr.payload[0] != 0 && hdr.payload[0] != 0xff) {
+ wpa_printf(MSG_DEBUG,
+ "X509: Invalid critical BOOLEAN value 0x%x in Extension (DER requires 0 or 0xff)",
+ hdr.payload[0]);
+ return -1;
+ }
 critical_ext = hdr.payload[0];
 pos = hdr.payload;
 if (asn1_get_next(pos, end - pos, &hdr) < 0 ||
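Review bot: An explicitly encoded FALSE still passes the new check in x509_parse_ext_basic_constraints (`hdr.payload[0] != 0 && hdr.payload[0] != 0xff`), although cA is DEFAULT FALSE and DER (X.690 11.5) does not encode a component equal to its default; the same holds for the critical flag in the x509_parse_extension hunk. If accepting 0x00 is a deliberate interoperability choice, state it above the check, for example `/* DER (X.690 11.1): TRUE must be 0xff; explicit FALSE is tolerated although a DEFAULT FALSE field should be omitted */`. Without that, the log text "DER requires 0 or 0xff" can be read as full DER validation of the field, which it is not. Both functions begin and end outside their hunks, so other BOOLEAN reads in this file are not visible here and may need the same treatment.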
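Review bot: The value test added in x509_parse_extension is a line-for-line copy of the one added in x509_parse_ext_basic_constraints, differing only in the log text, so a later correction to one copy can silently leave the other accepting a different set of encodings. A small file-local helper would keep the rule in one place, for instance (name is a suggestion) `static int x509_der_boolean_ok(int v) { return v == 0 || v == 0xff; }`, with each call site keeping its own wpa_printf so the field name still appears in the log. The function body continues past the end of this hunk.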