mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00

Set a compile-time limit to X.509 chain length

Manuel Pégourié-Gonnard
2014-11-20 16:34:20 +01:00
parent 89d69b398c
commit fd6c85c3eb
4 changed files with 24 additions and 0 deletions


@@ -1834,6 +1834,13 @@ static int x509_crt_verify_child(
x509_crt *grandparent;
const md_info_t *md_info;
/* path_cnt is 0 for the first intermediate CA */
if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA )
{
*flags |= BADCERT_NOT_TRUSTED;
return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
}
if( x509_time_expired( &child->valid_to ) )
*flags |= BADCERT_EXPIRED;
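Review bot: A chain rejected by the new depth check reports only `BADCERT_NOT_TRUSTED` with `POLARSSL_ERR_X509_CERT_VERIFY_FAILED`, so a caller reading the flags or logs cannot tell a depth-limit rejection from what is presumably the ordinary missing-trust-anchor result. The return also precedes the expiry check below it and everything else x509_crt_verify_child does for this certificate (the function starts and ends outside the hunk), so no further flags are accumulated for it. That looks intended for a resource limit, but it should be stated where the limit is enforced. I would extend the comment to `/* path_cnt is 0 for the first intermediate CA. Chains with more than POLARSSL_X509_MAX_INTERMEDIATE_CA intermediates are rejected as not trusted, before any other check on this certificate. */`. The documentation of the limit macro should also say which certificates it counts (intermediates only, or also the end-entity and root), so integrators can size it against the chains they expect.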