Require intermediate CAs to have basicConstraints CA:true.
Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing. That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Showing
test/certs/ca-nonbc.pem
0 → 100644
想要评论请 注册 或 登录