Suyu/mbedtls
1
0
Fork 0
mirror of https://git.suyu.dev/suyu/mbedtls.git synced 2025-12-23 15:55:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Set a compile-time limit to X.509 chain length

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-11-20 16:34:20 +01:00
parent 89d69b398c
commit fd6c85c3eb
4 changed files with 24 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
library/x509_crt.c
View file

@ -1834,6 +1834,13 @@ static int x509_crt_verify_child(
x509_crt *grandparent;
const md_info_t *md_info;
/* path_cnt is 0 for the first intermediate CA */
if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA )
{
*flags |= BADCERT_NOT_TRUSTED;
return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
}
if( x509_time_expired( &child->valid_to ) )
*flags |= BADCERT_EXPIRED;