[PATCH v4 3/6] KEYS: X.509: Parse Basic Constraints for CA
Mimi Zohar
zohar at linux.ibm.com
Wed Feb 8 21:01:56 UTC 2023
On Mon, 2023-02-06 at 21:59 -0500, Eric Snowberg wrote:
> Parse the X.509 Basic Constraints. The basic constraints extension
> identifies whether the subject of the certificate is a CA.
>
> BasicConstraints ::= SEQUENCE {
> cA BOOLEAN DEFAULT FALSE,
> pathLenConstraint INTEGER (0..MAX) OPTIONAL }
>
> If the CA is true, store it in the public_key. This will be used
> in a follow on patch that requires knowing if the public key is a CA.
>
> Link: https://www.rfc-editor.org/rfc/rfc5280#section-4.2.1.9
> Signed-off-by: Eric Snowberg <eric.snowberg at oracle.com>
Reviewed-by: Mimi Zohar <zohar at linux.ibm.com>
More information about the Linux-security-module-archive
mailing list