From c041863aaa3ab5b2fb50573460dab2da3065ade1 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Thu, 6 Jul 2023 11:55:20 +0200
Subject: [PATCH] Code review
---
 src/internal.c | 3 ++-
 wolfcrypt/src/asn.c | 13 ++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 1b8182918..cb439d870 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -12653,7 +12653,8 @@ void DoCertFatalAlert(WOLFSSL* ssl, int ret)
 alertWhy = bad_certificate;
 if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E) {
 alertWhy = certificate_expired;
- } else if (ret == ASN_NO_SIGNER_E || ret == ASN_PATHLEN_INV_E ||
+ }
+ else if (ret == ASN_NO_SIGNER_E || ret == ASN_PATHLEN_INV_E ||
 ret == ASN_PATHLEN_SIZE_E) {
 alertWhy = unknown_ca;
 }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 74d1c6a16..05ca5bd4d 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -22634,13 +22634,12 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
 cert->maxPathLen = cert->pathLength;
 if (!cert->selfSigned) {
- if (/* Need to perform a pathlen check on anything that will be used
- * to sign certificates later on. Otherwise, pathLen doesn't
- * mean anything. */
- type != CERT_TYPE && cert->isCA && cert->extKeyUsageSet &&
- (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) != 0 &&
- /* Nothing to check if we don't have the issuer of this cert. */
- cert->ca) {
+ /* Need to perform a pathlen check on anything that will be used
+ * to sign certificates later on. Otherwise, pathLen doesn't
+ * mean anything.
+ * Nothing to check if we don't have the issuer of this cert. */
+ if (type != CERT_TYPE && cert->isCA && cert->extKeyUsageSet &&
+ (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) != 0 && cert->ca) {
 if (cert->ca->maxPathLen == 0) {
 /* This cert CAN NOT be used as an intermediate cert. The
 * issuer does not allow it. */
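Review bot: The reflowed condition in ParseCertRelative still requires `cert->extKeyUsageSet` before the path-length check runs, so a CA certificate that carries no keyUsage extension bypasses the pathLen enforcement in this block. RFC 5280 section 4.2.1.9 treats pathLenConstraint as meaningful when cA is asserted and keyUsage, if present, asserts keyCertSign, so the absence of the extension should not switch the check off unless such certificates are rejected elsewhere, which is not visible in this hunk. Consider replacing the two keyUsage terms with `(!cert->extKeyUsageSet || (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) != 0)`, and add a test chain whose intermediate omits keyUsage. The function body starts and ends outside the hunk, so confirm against the surrounding code before changing it.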