[Backport 2.16] Mark basic constraints critical as appropriate.
Per RFC 5280 4.2.1.9 if the 'cA' field is set to true, the extension
must be marked critical.
Signed-off-by: Darren Krahn <dkrahn@google.com>
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 5462e83..aaffd14 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -203,7 +203,7 @@
return(
mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
- 0, buf + sizeof(buf) - len, len ) );
+ is_ca, buf + sizeof(buf) - len, len ) );
}
#if defined(MBEDTLS_SHA1_C)
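Review bot: The new critical argument on the `is_ca, buf + sizeof(buf) - len, len ) );` line forwards the caller's raw value, so whether basicConstraints ends up critical depends on how `mbedtls_x509write_crt_set_extension` treats non-zero values other than 1, which this hunk does not show. If that flag is narrowed to a byte or compared against 1 further down, a caller passing some other truthy value could still produce cA=TRUE with a non-critical extension, the case this commit is meant to close; normalising at the call site avoids the dependency: `( is_ca != 0 ), buf + sizeof(buf) - len, len ) );`. A short comment above the call, such as `/* RFC 5280 4.2.1.9: basicConstraints must be critical when cA is TRUE */`, would also keep the argument from being reset to 0 in a later cleanup. The enclosing function starts above the hunk, so the type and any earlier validation of `is_ca` are not visible here.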