Apply self-imposed path length also to root CAs
Also, some readers of the code find starting the count at 1 for EE cert confusing (since RFC5280 counts only non-self-issued intermediate CAs, but we also counted the leaf). Therefore, never count the EE cert, and adjust the path length comparison accordinly. This may be more clear to the reader. Reviewed-by:Matt Caswell <matt@openssl.org> (cherry picked from commit dc5831da)
Please register or sign in to comment