Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / 6dd53473092c9b3a9eabb20beaafd849057093ad
commit6dd53473092c9b3a9eabb20beaafd849057093ad[log] [tgz]
authorAdam Langley <agl@google.com>Tue Jul 31 16:19:17 2018 -0700
committerAdam Vartanian <flooey@google.com>Fri Nov 16 15:07:08 2018 +0000
treecfa514a6cf97a4720ed476d937fc4feff1a5abb5
parentd494bf0220b56b302497738b294d836da2415df1 [diff]
Add X509_V_FLAG_REQUIRE_CA_BASIC_CONSTRAINTS.

This change adds a new flag, X509_V_FLAG_REQUIRE_CA_BASIC_CONSTRAINTS,
which causes basicConstraints with isCA to be required for intermediate
CA certificates. Without this, intermediates are also acceptable if
they're missing basicConstraints, but include either a certSign
keyUsage, or a CA Netscape certificate type.

This is a short-term change for patching. I'll undo a lot of it and make
this the default in the next change.

Bug: 111893041
Test: cts -m CtsLibcoreTestCases
Merged-In: I47a45e6b6f46b19fcbcb6c917895867d56dcd2ca
Change-Id: I9eaf0fa61141627da607a329974111c0f8841508
3 files changed
tree: cfa514a6cf97a4720ed476d937fc4feff1a5abb5
  1. ios-aarch64/
  2. ios-arm/
  3. linux-aarch64/
  4. linux-arm/
  5. linux-ppc64le/
  6. linux-x86/
  7. linux-x86_64/
  8. mac-x86/
  9. mac-x86_64/
  10. src/
  11. win-x86/
  12. win-x86_64/
  13. includesrc/include
  14. Android.bp
  15. AndroidTest.xml
  16. BORINGSSL_REVISION
  17. crypto-sources.mk
  18. crypto_test_data.cc
  19. err_data.c
  20. eureka.mk
  21. MODULE_LICENSE_BSD_LIKE
  22. NOTICE
  23. OWNERS
  24. rules.mk
  25. sources.bp
  26. sources.mk
  27. UPDATING