forked from wolfSSL/wolfssl
CA Certificate Path Length Checking
1. Check the path length between an intermediate CA cert and its signer's path length. 2. Always decode the path length if present and store it in the decoded certificate. 3. Save the path length into the signer list. 4. Path length capped at 127. 5. Added some test certs for checking CA path lengths.
This commit is contained in:
John Safranek
@@ -3155,6 +3155,8 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
|
||||
signer->pubKeySize = cert->pubKeySize;
|
||||
signer->nameLen = cert->subjectCNLen;
|
||||
signer->name = cert->subjectCN;
|
||||
signer->pathLength = cert->pathLength;
|
||||
signer->pathLengthSet = cert->pathLengthSet;
|
||||
#ifndef IGNORE_NAME_CONSTRAINTS
|
||||
signer->permittedNames = cert->permittedNames;
|
||||
signer->excludedNames = cert->excludedNames;
|
||||
|
||||
Reference in New Issue
Block a user