lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #4581 from TRodziewicz/remove_supp_for_extensions_in_pre-v3_X.509_certs

Browse Source 
Remove MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 option
This commit is contained in:
Manuel Pégourié-Gonnard
2021-06-02 13:48:03 +02:00
committed by GitHub
parent df77624ab5 231649a020
commit 1b1327cc0d
5 changed files with 22 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
docs/3.0-migration-guide.d/remove_supp_for_extensions_in_pre-v3_X_509_certs.md Normal file
View File

@ -0,0 +1,14 @@
Remove the `MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3` option
--
This change does not affect users who were using the default configuration, as
this option was already disabled by default. Also, it does not affect users who
are working with current V3 X.509 certificates.
Extensions were added in V3 of the X.509 specification, so pre-V3 certificates
containing extensions were never compliant. Mbed TLS now rejects them with a
parsing error in all configurations, as it did previously in the default
configuration.
If you are working with the pre-V3 certificates you need to switch to the
current ones.