| From d5cbe3484248ee5f44543b1b50604bcd5739cc85 Mon Sep 17 00:00:00 2001 |
| From: Darren Krahn <dkrahn@google.com> |
| Date: Fri, 10 Jul 2020 17:03:57 -0700 |
| Subject: [PATCH] Mark basic constraints critical as appropriate. |
| |
| Per RFC 5280 4.2.1.9 if the 'cA' field is set to true, the extension |
| must be marked critical. |
| --- |
| library/x509write_crt.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| diff --git a/library/x509write_crt.c b/library/x509write_crt.c |
| index 32c655096..498b8b0a0 100644 |
| --- a/library/x509write_crt.c |
| +++ b/library/x509write_crt.c |
| @@ -163,7 +163,7 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx, |
| return( |
| mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS, |
| MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ), |
| - 0, buf + sizeof(buf) - len, len ) ); |
| + is_ca, buf + sizeof(buf) - len, len ) ); |
| } |
| |
| #if defined(MBEDTLS_SHA1_C) |
| -- |
| 2.29.0.rc1.297.gfa9743e501-goog |
| |