Revert "Conformance-breaking: Keep the stricter rules"

This reverts commit ac11a81.
passwordless-lib · Oct 18, 2024 · 05fbed1 · 05fbed1
1 parent 0f9f0cb
commit 05fbed1
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/Src/Fido2/Extensions/CryptoUtils.cs b/Src/Fido2/Extensions/CryptoUtils.cs
@@ -61,7 +61,7 @@ public static bool ValidateTrustChain(X509Certificate2[] trustPath, X509Certific
         // Let's check the simplest case first.  If subject and issuer are the same, and the attestation cert is in the list, that's all the validation we need
 
         // We have the same singular root cert in trustpath and it is in attestationRootCertificates
-        if (trustPath.Length == 1 && trustPath[0].Subject.Equals(trustPath[0].Issuer, StringComparison.Ordinal))
+        if (trustPath.Length == 1)
         {
             foreach (X509Certificate2 cert in attestationRootCertificates)
             {

diff --git a/Test/CryptoUtilsTests.cs b/Test/CryptoUtilsTests.cs
@@ -66,8 +66,8 @@ public void TestValidateTrustChainSubAnchor()
 
         Assert.False(0 == attestationRootCertificates[0].Issuer.CompareTo(attestationRootCertificates[0].Subject));
         Assert.True(CryptoUtils.ValidateTrustChain(trustPath, attestationRootCertificates));
-        Assert.False(CryptoUtils.ValidateTrustChain(trustPath, trustPath));
-        Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates));
+        Assert.True(CryptoUtils.ValidateTrustChain(trustPath, trustPath));
+        Assert.True(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates));
         Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, trustPath));
     }