Searched hist:"72460 f50e2437a85ce5229c430931aab8f4a0d5b" (Results 1 – 1 of 1) sorted by relevance
| /rk3399_ARM-atf/drivers/auth/mbedtls/ |
| H A D | mbedtls_x509_parser.c | 72460f50e2437a85ce5229c430931aab8f4a0d5b Thu Dec 08 20:23:58 UTC 2022 Demi Marie Obenour <demiobenour@gmail.com> fix(auth): require at least one extension to be present
X.509 and RFC5280 allow omitting the extensions entirely, but require
that if the extensions field is present at all, it must contain at least
one certificate. TF-A already requires the extensions to be present,
but allows them to be empty. However, a certificate with an empty
extensions field will always fail later on, as the extensions contain
the information needed to validate the next stage in the boot chain.
Therefore, it is simpler to require the extension field to be present
and contain at least one extension. Also add a comment explaining why
the extensions field is required, even though it is OPTIONAL in the
ASN.1 syntax.
Change-Id: Ie26eed8a7924bf50937a6b27ccdf7cc9a390588d
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
|