Google Git
Sign in
android / platform / external / boringssl / b010c2ec82901588f818573f418e07a3217f3f7a
commitb010c2ec82901588f818573f418e07a3217f3f7a[log] [tgz]
authorAdam Langley <agl@google.com>Tue Jul 31 16:42:31 2018 -0700
committerAdam Vartanian <flooey@google.com>Fri Nov 16 15:11:30 2018 +0000
tree8d2bd736020a92deeae99c5ee0eb28e7d7689d85
parent6dd53473092c9b3a9eabb20beaafd849057093ad [diff]
Require basicConstraints cA flag in intermediate certs.

OpenSSL 1.0.2 (and thus BoringSSL) accepts keyUsage certSign or a
Netscape CA certificate-type in lieu of basicConstraints in an
intermediate certificate (unless X509_V_FLAG_X509_STRICT) is set.

Bug: 111893041
Test: cts -m CtsLibcoreTestCases
Merged-In: I47a45e6b6f46b19fcbcb6c917895867d56dcd2ca
Change-Id: I8adaa7547fdffd849087e4401bc3c258bbcd82f2
Update-Note: This change tightens the code so that basicConstraints is required for intermediate certificates when verifying chains. This was previously only enabled if X509_V_FLAG_X509_STRICT was set, but that flag also has other effects.
4 files changed
tree: 8d2bd736020a92deeae99c5ee0eb28e7d7689d85
  1. ios-aarch64/
  2. ios-arm/
  3. linux-aarch64/
  4. linux-arm/
  5. linux-ppc64le/
  6. linux-x86/
  7. linux-x86_64/
  8. mac-x86/
  9. mac-x86_64/
  10. src/
  11. win-x86/
  12. win-x86_64/
  13. includesrc/include
  14. Android.bp
  15. AndroidTest.xml
  16. BORINGSSL_REVISION
  17. crypto-sources.mk
  18. crypto_test_data.cc
  19. err_data.c
  20. eureka.mk
  21. MODULE_LICENSE_BSD_LIKE
  22. NOTICE
  23. OWNERS
  24. rules.mk
  25. sources.bp
  26. sources.mk
  27. UPDATING