[Buildroot] [PATCH 1/3] package/mbedtls: add BR2_PACKAGE_MBEDTLS_X509_UNSUPPORTED_CRITICAL_EXTENSION
Nicola Di Lieto
nicola.dilieto at gmail.com
Thu Apr 23 23:27:58 UTC 2020
On Thu, Apr 23, 2020 at 10:09:05PM +0200, Thomas Petazzoni wrote:
>
>What is this X509_UNSUPPORTED_CRITICAL_EXTENSION functionality that is
>so weird that it requires patching the mbedtls config.h file? Why is
>uacme absolutely requiring this functionality that no other user of
>mbedtls requires?
>
There is an explanation at
https://github.com/ndilieto/uacme/issues/23
Briefly, tls-alpn-01 validation requires (as per RFC 8737 section 6.1) a
new critical certificate extension. mbedTLS doesn't know about it and
refuses to parse any certificate with such an extension unless that build
feature is enabled.
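
The behaviour described in the message above, as an added example (not code from uacme, mbedTLS or Buildroot): it DER-encodes the RFC 8737 acmeIdentifier extension and applies the RFC 5280 section 4.2 rule that an unrecognized critical extension causes rejection. The function names, the `allow_unsupported_critical` flag (standing in for the build feature) and the sample key authorization are assumptions made for illustration.

```python
import hashlib

# DER body of id-pe-acmeIdentifier (1.3.6.1.5.5.7.1.31), defined in RFC 8737
ACME_IDENTIFIER_OID = bytes.fromhex("2b0601050507011f")

def tlv(tag, body):
    """Encode one DER TLV; short-form length only (bodies under 128 bytes)."""
    if len(body) > 127:
        raise ValueError("long-form length not needed for this example")
    return bytes([tag, len(body)]) + body

def build_acme_extension(key_authorization):
    """Build the critical acmeIdentifier Extension for a key authorization."""
    # Authorization ::= OCTET STRING (SIZE (32)), the SHA-256 of the key authorization
    authorization = tlv(0x04, hashlib.sha256(key_authorization.encode()).digest())
    return tlv(0x30, tlv(0x06, ACME_IDENTIFIER_OID)
                     + tlv(0x01, b"\xff")         # critical BOOLEAN = TRUE
                     + tlv(0x04, authorization))  # extnValue wraps the DER above

def read_tlv(buf, pos):
    """Return (tag, body, next_pos) for the TLV at pos, with bounds checks."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("TLV runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def parse_extension(der):
    """Parse Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue }."""
    tag, seq, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    tag, oid, pos = read_tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("extnID missing")
    critical = False
    tag, body, pos = read_tlv(seq, pos)
    if tag == 0x01:                          # optional critical flag is present
        critical = body == b"\xff"
        tag, body, pos = read_tlv(seq, pos)
    if tag != 0x04 or pos != len(seq):
        raise ValueError("extnValue missing or trailing data")
    return oid, critical, body

def check_extension(der, known_oids, allow_unsupported_critical=False):
    """RFC 5280 section 4.2 rule; the flag models the build feature in the mail."""
    oid, critical, _ = parse_extension(der)
    if oid in known_oids:
        return "handled"
    return "reject" if critical and not allow_unsupported_critical else "ignored"
```

A parser that lists the OID in `known_oids` is one that understands the extension; with an empty set and the flag off, the certificate is rejected, which is the behaviour the message describes.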