mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-12-06 12:00:59 +03:00
Remove check on the pathLenConstraint value when looking for a parent to the EE cert, as the constraint is on the number of intermediate certs below the parent, and that number is always 0 at that point, so the constraint is always satisfied.

The check was actually off-by-one, which caused valid chains to be rejected under the following conditions:
- the parent certificate is not a trusted root, and
- it has pathLenConstraint == 0 (max_pathlen == 1 in our representation)

fixes #280
68 KiB
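A small model of the path-length rule the commit message describes, added here as an example and not taken from Mbed TLS or from this commit. The names `cert_model`, `pathlen_ok`, `pathlen_ok_off_by_one` and `first_violation` are hypothetical, the off-by-one variant is a constructed illustration rather than the removed check, and the model ignores the trusted-root distinction and self-issued certificates.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model, not Mbed TLS code. max_pathlen uses the representation
 * named in the commit message: 0 = no constraint, else pathLenConstraint + 1. */
struct cert_model {
    const char *name;
    int max_pathlen;
};

/* RFC 5280 rule: pathLenConstraint caps the number of intermediate CA
 * certificates below this CA. The EE cert is not counted. */
static int pathlen_ok(const struct cert_model *ca, int below)
{
    return ca->max_pathlen == 0 || below <= ca->max_pathlen - 1;
}

/* Constructed off-by-one variant: counts one certificate too many. */
static int pathlen_ok_off_by_one(const struct cert_model *ca, int below)
{
    return ca->max_pathlen == 0 || below + 1 <= ca->max_pathlen - 1;
}

/* Walk a chain ordered EE-first (chain[0] is the EE cert) and return the
 * index of the first CA whose constraint is violated, or -1 if none is. */
static int first_violation(const struct cert_model *chain, size_t n,
                           int (*check)(const struct cert_model *, int))
{
    for (size_t i = 1; i < n; i++) {
        int below = (int)i - 1;   /* CAs between chain[i] and the EE cert */
        if (!check(&chain[i], below))
            return (int)i;
    }
    return -1;
}

/* Constructed chain: EE <- intermediate (pathLenConstraint 0) <- root. */
static const struct cert_model sample_chain[] = {
    { "ee",           0 },
    { "intermediate", 1 },   /* pathLenConstraint == 0 */
    { "root",         0 },
};

int main(void)
{
    printf("correct: %d, off-by-one: %d\n",
           first_violation(sample_chain, 3, pathlen_ok),
           first_violation(sample_chain, 3, pathlen_ok_off_by_one));
    return 0;
}
```

For the direct parent of the EE cert, `below` is always 0, so the correct rule can never fail there; the constructed variant rejects exactly the `max_pathlen == 1` case.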