Serial numbers are printed in lowercase hex (seems this is not an issue with OCTT, but it's helpful for local e2e testing)
Installation of expired CA certificates is rejected
In X509CertificateHierarchy, certificate hash data for non-leaf certificates is computed correctly (using the parent cert for the issuer key hash).
Nodes in the X509CertificateHierarchy also store a copy of the parent certificate (or a copy of the certificate itself if self-signed).
Adjusted some of the tests to expect the correct certificate hash data
What's left TODO:
Certificate deletion should also work correctly for non-root certificates - as discussed, this can be done by reconstructing the X509CertificateHierarchy at the beginning of the deletion function.
Fix the unit tests which still fail after our changes, and review the ones that pass.
This PR contains the following fixes and changes:
X509CertificateHierarchy
, certificate hash data for non-leaf certificates is computed correctly (using the parent cert for the issuer key hash).X509CertificateHierarchy
also store a copy of the parent certificate (or a copy of the certificate itself if self-signed).What's left TODO:
X509CertificateHierarchy
at the beginning of the deletion function.