RE: Question about pathlen extension checked

Yes. NSS has two different ways to verify certificates - "original" and libpkix (the new way). Firefox uses "original" (as probably do most NSS apps), Chromium uses libpkix. "Original" source pointer: http://mxr.mozilla.org/mozilla/source/security/nss/lib/certhigh/certvfy.c?ma rk=514,519,527,531,

Question about pathlen extension checked

Hi, does NSS check the pathlength extension in an issuing certificate? I am particularly wondering if pathlen:0 is honoured. Thanks, Ralph -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto