projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ed422a2) | patch
Apply self-imposed path length also to root CAs
authorViktor Dukhovni <openssl-users@dukhovni.org>
Mon, 8 Oct 2018 16:05:14 +0000 (12:05 -0400)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Thu, 18 Oct 2018 04:07:56 +0000 (00:07 -0400)
commitdc5831da59e9bfad61ba425d886a0b06ac160cd6
tree857577d16efd08dac7e6b35ef40e4c94d4e29c3ftree | snapshot
parented422a2d0196ada0f5c1b6e296f4a4e5ed69577fcommit | diff
Apply self-imposed path length also to root CAs

Also, some readers of the code find starting the count at 1 for EE
cert confusing (since RFC5280 counts only non-self-issued intermediate
CAs, but we also counted the leaf).  Therefore, never count the EE
cert, and adjust the path length comparison accordinly.  This may
be more clear to the reader.

Reviewed-by: Matt Caswell <matt@openssl.org>
crypto/x509/x509_vfy.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.