LibCrypto+LibTLS: Implement Key Usage and Basic Constraints extensions
Root and intermediate CA certificates should have these extensions set to indicate that they are allowed to sign other certificates. The values reported in these extensions are now also checked by `verify_chain` to make sure no non-CA certificate is used to sign another certificate. The certificate parser now also aborts when it detects an unsupported critical extension, as required by the specification.
parent
a6e465fba2
commit
804af863b4
3 changed files with 46 additions and 1 deletions
|
@ -56,6 +56,9 @@ public:
|
|||
CertificateKeyAlgorithm signature_algorithm { CertificateKeyAlgorithm::Unsupported };
|
||||
ByteBuffer signature_value {};
|
||||
ByteBuffer original_asn1 {};
|
||||
bool is_allowed_to_sign_certificate { false };
|
||||
bool is_certificate_authority { false };
|
||||
Optional<size_t> path_length_constraint {};
|
||||
|
||||
static Optional<Certificate> parse_asn1(ReadonlyBytes, bool client_cert = false);
|
||||
|
||||
|
|
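Review bot: The three new members carry the chain-validation policy but nothing says which extension field each one mirrors or what the default means; on `bool is_allowed_to_sign_certificate { false };` I would add `// Key Usage: keyCertSign bit; stays false when the extension is absent`, and likewise `// Basic Constraints: cA flag` and `// Basic Constraints: pathLenConstraint; empty means no limit was stated` on the other two. The `false` defaults fail closed, which is the safe direction, but it presumably also means a trust anchor that lacks these extensions is refused as an issuer, so it is worth confirming how `verify_chain` treats such roots. The commit message only mentions the CA check; if `path_length_constraint` is parsed but not compared against the number of intermediates in `verify_chain` (not visible in this section), it should be enforced there or marked with a TODO next to the member. The enclosing class starts and ends outside this hunk.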