Set a compile-time limit to X.509 chain length

2026-03-09 11:32:56 +00:00 · 2014-11-20 16:34:20 +01:00
parent 89d69b398c
commit fd6c85c3eb
4 changed files with 24 additions and 0 deletions
--- a/2
+++ b/2
@@ -16,6 +16,8 @@ Security
 Features
   * Add function pk_check_pair() to test if public and private keys match.
   * Add x509_crl_parse_der().
+   * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
+     length of an X.509 verification chain.

 Bugfix
   * User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found