mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 16:10:52 +02:00
359fb7ecbd
test_dtls13_oversized_cert_chain (added upstream in 1653ecd07) loaded a >9-cert chain to exercise SendTls13Certificate's word16 overflow guard. This PR now rejects over-MAX_CHAIN_DEPTH chains at load in ProcessUserChain, so the chain never reaches the send path; the load-time rejection is covered by test_wolfSSL_CTX_use_certificate_chain_buffer_max_depth. The word16 send guard remains as defense-in-depth (now only reachable via large PQC chains).
Before creating any new configure files (.conf) read the CONF_FILES_README.md