Trust anchor certificates must include a Basic Constraints extension with the cA field set to true. Trust anchors are used to validate certificate chains used in TLS and signed code. New checks have been added to ensure that trust anchors are CA certificates and contain proper extensions.This version adds support for more algorithms such as the AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message digests, and RSASSA-PSS signatures when the corresponding PKCS11 mechanisms are supported by the underlying PKCS11 library.
0 Comments
Leave a Reply. |