openssl

wbrawner/openssl

Fork 0

Commit graph

Author	SHA1	Message	Date
Viktor Dukhovni	4d9e33acb2	Require intermediate CAs to have basicConstraints CA:true. Previously, it was sufficient to have certSign in keyUsage when the basicConstraints extension was missing. That is still accepted in a trust anchor, but is no longer accepted in an intermediate CA. Reviewed-by: Rich Salz <rsalz@openssl.org>	2016-03-29 20:54:34 -04:00

Author

SHA1

Message

Date

Viktor Dukhovni

4d9e33acb2

Require intermediate CAs to have basicConstraints CA:true.

Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing.  That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.

Reviewed-by: Rich Salz <rsalz@openssl.org>

2016-03-29 20:54:34 -04:00

1 commit