Merge pull request #2082 from hanno-arm/iotssl-2490

Fix documentation of allowed_pks field in mbedtls_x509_crt_profile
This commit is contained in:
Gilles Peskine 2022-04-28 18:13:55 +02:00 committed by GitHub
commit f21617915f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 1 deletions

View file

@ -0,0 +1,5 @@
Bugfix
* Fix incorrect documentation of mbedtls_x509_crt_profile. The previous
documentation stated that the `allowed_pks` field applies to signatures
only, but in fact it does apply to the public key type of the end entity
certificate, too. Fixes #1992.

View file

@ -190,7 +190,9 @@ mbedtls_x509_subject_alternative_name;
typedef struct mbedtls_x509_crt_profile
{
uint32_t allowed_mds; /**< MDs for signatures */
uint32_t allowed_pks; /**< PK algs for signatures */
uint32_t allowed_pks; /**< PK algs for public keys;
* this applies to all certificates
* in the provided chain. */
uint32_t allowed_curves; /**< Elliptic curves for ECDSA */
uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */
}