• Manuel Pégourié-Gonnard's avatar
    Fix X.509 keysize check with multiple CAs · fa67ebae
    Manuel Pégourié-Gonnard authored
    Assume we have two trusted CAs with the same name, the first uses ECDSA 256
    bits, the second RSA 2048; cert is signed by the second. If we do the keysize
    check before we checked the key types match, we'll raise the badkey flags when
    checking the EC-256 CA and it will remain up even when we finally find the
    correct CA. So, move the check for the key size after signature verification,
    which implicitly checks the key type.
    fa67ebae
Name
Last commit
Last update
configs Loading commit data...
doxygen Loading commit data...
include Loading commit data...
library Loading commit data...
programs Loading commit data...
scripts Loading commit data...
tests Loading commit data...
visualc/VS2010 Loading commit data...
.gitignore Loading commit data...
.travis.yml Loading commit data...
CMakeLists.txt Loading commit data...
ChangeLog Loading commit data...
DartConfiguration.tcl Loading commit data...
LICENSE Loading commit data...
Makefile Loading commit data...
README.rst Loading commit data...