projects / oweals / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 222e620) | patch
Require intermediate CAs to have basicConstraints CA:true.
authorViktor Dukhovni <openssl-users@dukhovni.org>
Tue, 29 Mar 2016 23:40:03 +0000 (19:40 -0400)
committerViktor Dukhovni <openssl-users@dukhovni.org>
Wed, 30 Mar 2016 00:54:34 +0000 (20:54 -0400)
commit4d9e33acb23472566ba0ae15d63c5562a0abf7a2
treea79010c6b91ba916cc001c9388661d6c57e3f735tree | snapshot
parent222e620baf5a55b251e716df955ce0db53c48b3bcommit | diff
Require intermediate CAs to have basicConstraints CA:true.

Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing.  That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.

Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/x509/x509_vfy.c diff | blob | history
test/certs/ca-nonbc.pem [new file with mode: 0644] blob
test/certs/mkcert.sh diff | blob | history
test/certs/setup.sh diff | blob | history
test/recipes/25-test_verify.t diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.