TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / c4a47e3483a00d0d60d5f87a758d3b0ad0d41f30
commitc4a47e3483a00d0d60d5f87a758d3b0ad0d41f30[log] [tgz]
authorManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Thu Nov 19 09:23:06 2015 +0100
committerManuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>Thu Nov 19 12:06:45 2015 +0100
tree7c2371f66ca8db889b3a137ea505bf8681864a32
parent6ad4f65780d1afdb4970b957855c1ec68483edd1 [diff]
Fix bug checking pathlen on first intermediate

Remove check on the pathLenConstraint value when looking for a parent to the
EE cert, as the constraint is on the number of intermediate certs below the
parent, and that number is always 0 at that point, so the constraint is always
satisfied.

The check was actually off-by-one, which caused valid chains to be rejected
under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)

fixes #280
2 files changed
tree: 7c2371f66ca8db889b3a137ea505bf8681864a32
  1. configs/
  2. doxygen/
  3. include/
  4. library/
  5. programs/
  6. scripts/
  7. tests/
  8. visualc/
  9. .gitignore
  10. .travis.yml
  11. ChangeLog
  12. CMakeLists.txt
  13. DartConfiguration.tcl
  14. LICENSE
  15. Makefile
  16. README.rst