Correction to the migr. guide wording and removal of not needed option

Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
TRodziewicz 2021-06-09 13:24:48 +02:00
parent b8367380b1
commit 0ea2576502

@ -1,9 +1,13 @@
Remove the X509 parser sensitivity control for an unknown critical extension from config.h
------------------------------------------------------------------------------------------
Remove the config option MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
--------------------------------------------------------------------------
It affects users who use the `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION`
option which if set, allowed the X509 parser to parse an X509 certificate
even when it encountered an unknown critical extension.
This change does not affect users of the default configuration; it only affect
users who enable this option.
The X.509 standard says that implementations must reject critical extensions that
they don't recognize, and this is what Mbed TLS does by default. This option
allowed to continue parsing those certificates but didn't provide a convenient
way to handle those extensions.
The migration path from that option is to use the
`mbedtls_x509_crt_parse_der_with_ext_cb()` function which is functionally
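Review bot: Two grammar slips in the reworded paragraph: "it only affect users who enable this option" should read "it only affects", and "This option allowed to continue parsing those certificates" lacks an object, so "allowed the parser to continue parsing those certificates" reads better. The paragraph says the removed option "didn't provide a convenient way to handle those extensions"; where the guide then names `mbedtls_x509_crt_parse_der_with_ext_cb()` as the migration path, consider stating what the application is expected to do with an unrecognised critical extension, so that users who relied on the old option do not carry over accept-everything behaviour without noticing.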