Documentation update related to library limitations

Signed-off-by: AssemblyJohn <[email protected]>
EVerest · Oct 21, 2024 · 3add8dd · 3add8dd
1 parent 1ee16ba
commit 3add8dd
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -104,3 +104,9 @@ Defaults:
 - Minimum certificates kept: 10
 - Maximum storage space: 50 MB
 - Maximum certificate entries: 2000
+
+## Limitations
+
+Based on information from [ssl](https://www.ssl.com/article/what-are-root-certificates-and-why-do-they-matter/), self-signed roots are possible, but not supported in our library at the moment.
+
+Cross-signed certificate chains (see [ssl](https://www.ssl.com/blogs/ssl-com-legacy-cross-signed-root-certificate-expiring-on-september-11-2023/)), required for seamless root transitions are not supported at the moment.
diff --git a/include/evse_security/certificate/x509_hierarchy.hpp b/include/evse_security/certificate/x509_hierarchy.hpp
@@ -37,6 +37,7 @@ struct X509Node {
 
 /// @brief Utility class that is able to build a immutable certificate hierarchy
 /// with a  list of self-signed root certificates and their respective sub-certificates
+/// Note: non self-signed roots and cross-signed certificates are not supported now
 class X509CertificateHierarchy {
 public:
     const std::vector<X509Node>& get_hierarchy() const {

diff --git a/include/evse_security/evse_security.hpp b/include/evse_security/evse_security.hpp
@@ -208,6 +208,7 @@ class EvseSecurity {
     /// will return:
     /// ROOT_V2G_Hubject->SUB_CA1->SUB_CA2->Leaf_Valid_B +
     /// ROOT_V2G_OtherProvider->SUB_CA_O1->SUB_CA_O2->Leav_Valid_A
+    /// Note: non self-signed roots and cross-signed certificates are not supported
     /// @param certificate_type type of leaf certificate that we start the search from
     /// @param encoding specifies PEM or DER format
     /// @param include_ocsp if OCSP data should be included