Blame SOURCES/0010-Set-all-bits-to-1-in-local-CA-Basic-Constraint-to-se.patch
From c4b456b2c7515fd896d2806d70f3ebc86c7a85ac Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 5 Mar 2018 10:18:38 -0500
Subject: [PATCH] Set all bits to 1 in local CA Basic Constraint to set TRUE
This was previously using the value of 1 which OpenSSL didn't
have an issue with but NSS is stricter when it comes to DER
encoding. Section 11.1 in X.690 requires that DER boolean set
all bits to 1 to indicate TRUE.
---
src/local.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/local.c b/src/local.c
index 8450c9b5..48a9e360 100644
--- a/src/local.c
+++ b/src/local.c
@@ -85,7 +85,7 @@ set_ca_extensions(void *parent, X509_REQ *req, EVP_PKEY *key)
exts = sk_X509_EXTENSION_new(NULL);
memset(&basic, 0, sizeof(basic));
- basic.ca = 1;
+ basic.ca = 255; // set all bits for TRUE
X509V3_add1_i2d(&exts, NID_basic_constraints, &basic, TRUE, 0);
len = i2d_PUBKEY(key, NULL);
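Review bot: The new assignment `basic.ca = 255;` leaves the DER requirement as a decimal magic number; writing it as `basic.ca = 0xff; /* DER BOOLEAN TRUE is 0xFF, X.690 11.1 */` ties the value to the rule the commit message cites. The return value of `X509V3_add1_i2d()` on the next context line is discarded, so an encoding failure would apparently leave the local CA without its critical basicConstraints extension; set_ca_extensions starts and ends outside the hunk, so this may be handled elsewhere. A regression test asserting that the encoded extension value is `30 03 01 01 ff` would catch any return to an encoding that strict parsers such as NSS reject.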
--
2.13.6