mirror of
https://git.suyu.dev/suyu/mbedtls.git
synced 2026-03-26 09:22:58 +00:00
f4569b14c4
Remove check on the pathLenConstraint value when looking for a parent to the EE cert, as the constraint is on the number of intermediate certs below the parent, and that number is always 0 at that point, so the constraint is always satisfied. The check was actually off-by-one, which caused valid chains to be rejected under the following conditions: - the parent certificate is not a trusted root, and - it has pathLenConstraint == 0 (max_pathlen == 1 in our representation) fixes #280
91 KiB
91 KiB