Clarify documentation of mbedtls_x509_crt_profile This commit fixes #1992: The documentation of mbedtls_x509_crt_profile previously stated that the bitfield `allowed_pks` defined which signature algorithms shall be allowed in CRT chains. In actual fact, however, the field also applies to guard the public key of the end entity certificate. This commit changes the documentation to state that `allowed_pks` applies to the public keys of all CRTs in the provided chain. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

commit: f501cb57a54b4f1fb18f087904534a2ef7cde1bf [log] [tgz]
author: Hanno Becker <hanno.becker@arm.com> Thu Oct 11 11:36:29 2018 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Apr 25 11:57:09 2022 +0200
tree: 060c956754be5644439f88bbfe16e6970c054c9d
parent: 988391d1cbae116d00717ac404885f3646dd2379 [diff] [blame]
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 4cc4e13..c6e20cf 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h

@@ -159,7 +159,9 @@
 typedef struct mbedtls_x509_crt_profile
 {
     uint32_t allowed_mds;       /**< MDs for signatures         */
-    uint32_t allowed_pks;       /**< PK algs for signatures     */
+    uint32_t allowed_pks;       /**< PK algs for public keys;
+                                 *   this applies to any CRT
+                                 *   in the provided chain.     */
     uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
     uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
 }
commit	f501cb57a54b4f1fb18f087904534a2ef7cde1bf	[log] [tgz]
author	Hanno Becker <hanno.becker@arm.com>	Thu Oct 11 11:36:29 2018 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Apr 25 11:57:09 2022 +0200
tree	060c956754be5644439f88bbfe16e6970c054c9d
parent	988391d1cbae116d00717ac404885f3646dd2379 [diff] [blame]