{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Evening l夕情丶 的问题《Certificates Basic Constraint's Path Length》','https://www.manongdao.com/q-466071.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Is having a Path Length of 0 and None the same thing for Basic Constraint's of a CA type? To clarify, does a path length of 0 mean that the CA can issue no certificates while a path length of none mean that it can issue an infinite amount of certificates?
相关问题
- Highlight parent path to the root
- How to get a fixed number of evenly spaced points
- Keychain unable to import p12 properly and system
- Python os.path.commonprefix - is there a path orie
- Using relative url for [removed] in child iframe
相关文章
- linux / libusb get usb device path
- How to get server path of physical path ?
- Does the apple push notification distribution cert
- Openssl telling certificate has expired when it ha
- OpenSSL error - unable to get local issuer certifi
- Why ContextClassLoader returns path with exclamati
- libxml2.2.dylib reference in python program
- How can I resolve a relative path to absolute path
Taken from RFC 5280, section 4.2.1.9:
I.e. a
pathLenConstraintof 0 does still allow the CA to issue certificates, but these certificates must be end-entity-certificates (the CA flag in BasicConstraints is false - these are the "normal" certificates that are issued to people or organizations).It also implies that with this certificate, the CA must not issue intermediate CA certificates (where the CA flag is true again - these are certificates that could potentially issue further certificates, thereby increasing the
pathLenby 1).An absent
pathLenConstrainton the other hand means that there is no limitation considering the length of certificate paths built from an end-entity certificate that would lead up to our example CA certificate. This implies that the CA could issue a intermediate certificate for a sub CA, this sub CA could again issue an intermediate certificate, this sub CA could again... until finally one sub CA would issue an end-entity certificate.If the
pathLenConstraintof a given CA certificate is > 0, then it expresses the number of possible intermediate CA certificates in a path built from an end-entity certificate up to the CA certificate. Let's say CA X has apathLenConstraintof 2, the end-entity certificate is issued to EE. Then the following scenarios are valid (I denoting an intermediate CA certificate)but this and those scenarios with even more intermediate CAs are not