From 68ebb051e59b28debdbd28502660310efff333b9 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh <jacob@wolfssl.com>
Date: Mon, 4 Apr 2022 15:19:17 -0600
Subject: [PATCH] allow up to and including CTC_MAX_SKID_SIZE (32 byte hash)

---
 src/ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/ssl.c b/src/ssl.c
index 57937f447..0f69eae3f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -44499,7 +44499,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
         cert->isCA    = wolfSSL_X509_get_isCA(x509);
 
     #ifdef WOLFSSL_CERT_EXT
-        if (x509->subjKeyIdSz < CTC_MAX_SKID_SIZE) {
+        if (x509->subjKeyIdSz <= CTC_MAX_SKID_SIZE) {
             if (x509->subjKeyId) {
                 XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
             }