Star1113
683
代码
代码
Issues55
Pull Requests92
流水线
讨论
Wiki
分析
Star1113
683
OOoohuifix(pki): correct self-issued certificate handling in chain building and path length verification
26036599创建于 1 天前历史提交
文件最后提交记录最后更新时间
cms
fix:fix issues of cms and CRYPT_EAL_CleanUp for PROVIDER_RAND bit Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1499
1 个月前
pkcs12
fix:Clean up sensitive data and fix some code issues Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1497
1 个月前
print
Add SAN URI-ID and SRV-ID support for X.509 certificates Body Extend X.509 SAN handling to support URI-ID and SRV-ID per RFC 6125, including parsing, generation, and identity verification. Verification runs only when the corresponding SAN entries are present in the certificate. Add public verification helpers for URI-ID and SRV-ID, and register the id-on-dnsSRV OID for SRVName handling. Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1592
11 天前
x509_cert
fix(pki): correct self-issued certificate handling in chain building and path length verification - Distinguish self-issued (subject==issuer) from self-signed (subject==issuer + valid signature) to prevent premature chain termination - Rewrite X509_CheckExt path length verification per RFC 5280 §6.1.4 (l)(m) using a decrementing maxPathLen counter, eliminating O(n²) inner loop - Return HITLS_X509_ERR_SIGN_REPEAT instead of silent success when CRL/Cert/CSR is signed repeatedly, preventing users from mistaking a no-op for a successful re-sign Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1568
1 天前
x509_common
fix(pki): correct self-issued certificate handling in chain building and path length verification - Distinguish self-issued (subject==issuer) from self-signed (subject==issuer + valid signature) to prevent premature chain termination - Rewrite X509_CheckExt path length verification per RFC 5280 §6.1.4 (l)(m) using a decrementing maxPathLen counter, eliminating O(n²) inner loop - Return HITLS_X509_ERR_SIGN_REPEAT instead of silent success when CRL/Cert/CSR is signed repeatedly, preventing users from mistaking a no-op for a successful re-sign Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1568
1 天前
x509_crl
fix(pki): correct self-issued certificate handling in chain building and path length verification - Distinguish self-issued (subject==issuer) from self-signed (subject==issuer + valid signature) to prevent premature chain termination - Rewrite X509_CheckExt path length verification per RFC 5280 §6.1.4 (l)(m) using a decrementing maxPathLen counter, eliminating O(n²) inner loop - Return HITLS_X509_ERR_SIGN_REPEAT instead of silent success when CRL/Cert/CSR is signed repeatedly, preventing users from mistaking a no-op for a successful re-sign Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1568
1 天前
x509_csr
fix(pki): correct self-issued certificate handling in chain building and path length verification - Distinguish self-issued (subject==issuer) from self-signed (subject==issuer + valid signature) to prevent premature chain termination - Rewrite X509_CheckExt path length verification per RFC 5280 §6.1.4 (l)(m) using a decrementing maxPathLen counter, eliminating O(n²) inner loop - Return HITLS_X509_ERR_SIGN_REPEAT instead of silent success when CRL/Cert/CSR is signed repeatedly, preventing users from mistaking a no-op for a successful re-sign Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1568
1 天前
x509_verify
fix(pki): correct self-issued certificate handling in chain building and path length verification - Distinguish self-issued (subject==issuer) from self-signed (subject==issuer + valid signature) to prevent premature chain termination - Rewrite X509_CheckExt path length verification per RFC 5280 §6.1.4 (l)(m) using a decrementing maxPathLen counter, eliminating O(n²) inner loop - Return HITLS_X509_ERR_SIGN_REPEAT instead of silent success when CRL/Cert/CSR is signed repeatedly, preventing users from mistaking a no-op for a successful re-sign Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1568
1 天前
CMakeLists.txt
fix:Fix macro compilation issues and CRL entry CHOICE tag check Cherry-picked from: https://gitcode.com/openHiTLS/openhitls/merge_requests/1537
1 个月前