latchset / jwcrypto

Implements JWK,JWS,JWE specifications using python-cryptography
GNU Lesser General Public License v3.0

Add more heuristics for backwards JWT compat #301

Closed simo5 closed 2 years ago

simo5 commented 2 years ago

These additional heuristics help in case the calling application was correctly classifying key usage, as this is another valid hint of what the application intended. Invalid key usage would already cause failure, so this does not affect the countermeasures introduced but can avoid issues in older applications.

simo5 commented 2 years ago

This has been independently tested to resolve issues in FreeIPA where the change caused a failure.