Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
testing material
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 72b02ff..294f36a 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -301,8 +301,8 @@
* security profile.
*
* \note The restrictions on keys (RSA minimum size, allowed curves
- * for ECDSA) only applys to (intermediate) CAs, not to the
- * end-entity certificate.
+ * for ECDSA) apply to all certificates: trusted root,
+ * intermediate CAs if any, and end entity certificate.
*
* \param crt a certificate to be verified
* \param trust_ca the trusted CA chain
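Review bot: The rewritten \note says the key restrictions now cover the end-entity certificate, but it does not say how a rejected key is reported to the caller. Integrators who see new verification failures after upgrading (for example, leaf certificates with short RSA keys) will look for exactly that. Consider adding a sentence such as `A key that does not satisfy the profile is reported via MBEDTLS_X509_BADCERT_BAD_KEY in \p flags.`, assuming that is the flag the end-entity check sets, since the check is not visible in this hunk. On the second added line, `the end-entity certificate` would match the hyphenation of the wording it replaces. The doc comment begins and ends outside the hunk, and the page shows no verification code, so the "trusted root" claim should be confirmed against the implementation.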