You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
FDP_CER_EXT.1.2/OLTleaf says "basicConstraints is populated with CA flag equal to false"
Since the default value for the CA flag is false, the DER encoding rules indicate proper encoding is to omit the CA flag to indicate a value of false. Most implementations gracefully handle a false value; however, the FP should not require issuance of non-standard certificates.
It is preferable for leaf certificates not to include basicConstraints but if included, it is permissible for the CA flag either to be set explicitly to FALSE or to be omitted entirely. FDP_CER_EXT.1.2/OLTleaf updated accordingly. Believe this can be closed.
FDP_CER_EXT.1.2/OLTleaf says "basicConstraints is populated with CA flag equal to false"
Since the default value for the CA flag is false, the DER encoding rules indicate proper encoding is to omit the CA flag to indicate a value of false. Most implementations gracefully handle a false value; however, the FP should not require issuance of non-standard certificates.
Please see https://lightshipsec.com/x-509-cafalse-testing/ for additional technical details.
The text was updated successfully, but these errors were encountered: