Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-03-29 | Require intermediate CAs to have basicConstraints CA:true. | Viktor Dukhovni | |
Previously, it was sufficient to have certSign in keyUsage when the basicConstraints extension was missing. That is still accepted in a trust anchor, but is no longer accepted in an intermediate CA. Reviewed-by: Rich Salz <rsalz@openssl.org> |