android13/external/open-dice/third_party/mbedtls/0001-Mark-basic-constraints-critical-as-appropriate.patch

From d5cbe3484248ee5f44543b1b50604bcd5739cc85 Mon Sep 17 00:00:00 2001
From: Darren Krahn <dkrahn@google.com>
Date: Fri, 10 Jul 2020 17:03:57 -0700
Subject: [PATCH] Mark basic constraints critical as appropriate.

Per RFC 5280 4.2.1.9 if the 'cA' field is set to true, the extension
must be marked critical.
---
 library/x509write_crt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 32c655096..498b8b0a0 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -163,7 +163,7 @@ int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
     return(
         mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_BASIC_CONSTRAINTS,
                              MBEDTLS_OID_SIZE( MBEDTLS_OID_BASIC_CONSTRAINTS ),
-                             0, buf + sizeof(buf) - len, len ) );
+                             is_ca, buf + sizeof(buf) - len, len ) );
 }
 
 #if defined(MBEDTLS_SHA1_C)
-- 
2.29.0.rc1.297.gfa9743e501-goog