Skip to content
Commit 4d9e33ac authored by Viktor Dukhovni's avatar Viktor Dukhovni
Browse files

Require intermediate CAs to have basicConstraints CA:true. 



Previously, it was sufficient to have certSign in keyUsage when the
basicConstraints extension was missing.  That is still accepted in
a trust anchor, but is no longer accepted in an intermediate CA.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
parent 222e620b
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment