From 05fbed1ae1ec1d1f8f6030d101db2cbbfdb82803 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20=C3=85berg?= Date: Fri, 18 Oct 2024 13:52:52 +0200 Subject: [PATCH] Revert "Conformance-breaking: Keep the stricter rules" This reverts commit ac11a81bb8d0e9fc5338ee90fd6786df2d9587ed. --- Src/Fido2/Extensions/CryptoUtils.cs | 2 +- Test/CryptoUtilsTests.cs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Src/Fido2/Extensions/CryptoUtils.cs b/Src/Fido2/Extensions/CryptoUtils.cs index 8714becf..10a0894d 100644 --- a/Src/Fido2/Extensions/CryptoUtils.cs +++ b/Src/Fido2/Extensions/CryptoUtils.cs @@ -61,7 +61,7 @@ public static bool ValidateTrustChain(X509Certificate2[] trustPath, X509Certific // Let's check the simplest case first. If subject and issuer are the same, and the attestation cert is in the list, that's all the validation we need // We have the same singular root cert in trustpath and it is in attestationRootCertificates - if (trustPath.Length == 1 && trustPath[0].Subject.Equals(trustPath[0].Issuer, StringComparison.Ordinal)) + if (trustPath.Length == 1) { foreach (X509Certificate2 cert in attestationRootCertificates) { diff --git a/Test/CryptoUtilsTests.cs b/Test/CryptoUtilsTests.cs index 2ce5d81a..505f75db 100644 --- a/Test/CryptoUtilsTests.cs +++ b/Test/CryptoUtilsTests.cs @@ -66,8 +66,8 @@ public void TestValidateTrustChainSubAnchor() Assert.False(0 == attestationRootCertificates[0].Issuer.CompareTo(attestationRootCertificates[0].Subject)); Assert.True(CryptoUtils.ValidateTrustChain(trustPath, attestationRootCertificates)); - Assert.False(CryptoUtils.ValidateTrustChain(trustPath, trustPath)); - Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates)); + Assert.True(CryptoUtils.ValidateTrustChain(trustPath, trustPath)); + Assert.True(CryptoUtils.ValidateTrustChain(attestationRootCertificates, attestationRootCertificates)); Assert.False(CryptoUtils.ValidateTrustChain(attestationRootCertificates, trustPath)); }