Remove redundant check and add comment to inform about processing of empty extensions

Netscape Certificate Management System Administrator's Guide: Extension-Specific Policy Modules, Chapter 18: Extension-Specific Policy Modules, Netscape Certificate Type Extension Policy:
> The extension has no default value.

A bitstring with no flags set is still technically valid, as it will mean that the certificate has no designated purpose at the time of creation.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

library/x509.c

@@ -1328,6 +1328,8 @@ int mbedtls_x509_get_ns_cert_type(unsigned char **p,
         return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
     }
 
+    /* A bitstring with no flags set is still technically valid, as it will mean
+       that the certificate has no designated purpose at the time of creation. */
     if (bs.len == 0) {
         *ns_cert_type = 0;
         return 0;
@@ -1355,16 +1357,13 @@ int mbedtls_x509_get_key_usage(unsigned char **p,
         return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
     }
 
+    /* A bitstring with no flags set is still technically valid, as it will mean
+       that the certificate has no designated purpose at the time of creation. */
     if (bs.len == 0) {
         *key_usage = 0;
         return 0;
     }
 
-    if (bs.len < 1) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
-                                 MBEDTLS_ERR_ASN1_INVALID_LENGTH);
-    }
-
     /* Get actual bitstring */
     *key_usage = 0;
     for (i = 0; i < bs.len && i < sizeof(unsigned int); i++) {