• Manuel Pégourié-Gonnard's avatar
    Fix bug checking pathlen on first intermediate · f4569b14
    Manuel Pégourié-Gonnard authored
    Remove check on the pathLenConstraint value when looking for a parent to the
    EE cert, as the constraint is on the number of intermediate certs below the
    parent, and that number is always 0 at that point, so the constraint is always
    satisfied.
    
    The check was actually off-by-one, which caused valid chains to be rejected
    under the following conditions:
    - the parent certificate is not a trusted root, and
    - it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)
    
    fixes #280
    f4569b14
To find the state of this project's repository at the time of any of these versions, check out the tags.
ChangeLog 90.8 KB