projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bb69239) | patch
Apply self-imposed path length also to root CAs
authorViktor Dukhovni <openssl-users@dukhovni.org>
Mon, 8 Oct 2018 16:05:14 +0000 (12:05 -0400)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Thu, 18 Oct 2018 04:10:04 +0000 (00:10 -0400)
commita190ea8ad7f2405d1a6245e59481fb6e3d0f60d2
treece56988fa6b8bd05b2d950dd8c6f757bc56ae15ftree | snapshot
parentbb6923945ee61b024c841f8131416c3c35cc9746commit | diff
Apply self-imposed path length also to root CAs

Also, some readers of the code find starting the count at 1 for EE
cert confusing (since RFC5280 counts only non-self-issued intermediate
CAs, but we also counted the leaf).  Therefore, never count the EE
cert, and adjust the path length comparison accordinly.  This may
be more clear to the reader.

Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit dc5831da59e9bfad61ba425d886a0b06ac160cd6)
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.