From 3add8ddc949c12211e19aa37d834fa5f28e4f3f2 Mon Sep 17 00:00:00 2001
From: AssemblyJohn
Date: Mon, 21 Oct 2024 12:04:02 +0300
Subject: [PATCH] Documentation update related to library limitations
Signed-off-by: AssemblyJohn
---
 README.md | 6 ++++++
 include/evse_security/certificate/x509_hierarchy.hpp | 1 +
 include/evse_security/evse_security.hpp | 1 +
 3 files changed, 8 insertions(+)
diff --git a/README.md b/README.md
index f65ba0a..9565f9c 100644
--- a/README.md
+++ b/README.md
@@ -104,3 +104,9 @@ Defaults:
 - Minimum certificates kept: 10
 - Maximum storage space: 50 MB
 - Maximum certificate entries: 2000
+
+## Limitations
+
+Based on information from [ssl](https://www.ssl.com/article/what-are-root-certificates-and-why-do-they-matter/), self-signed roots are possible, but not supported in our library at the moment.
+
+Cross-signed certificate chains (see [ssl](https://www.ssl.com/blogs/ssl-com-legacy-cross-signed-root-certificate-expiring-on-september-11-2023/)), required for seamless root transitions are not supported at the moment.
\ No newline at end of file
diff --git a/include/evse_security/certificate/x509_hierarchy.hpp b/include/evse_security/certificate/x509_hierarchy.hpp
index b9a86ca..d3bc6cf 100644
--- a/include/evse_security/certificate/x509_hierarchy.hpp
+++ b/include/evse_security/certificate/x509_hierarchy.hpp
@@ -37,6 +37,7 @@ struct X509Node {
 /// @brief Utility class that is able to build a immutable certificate hierarchy
 /// with a list of self-signed root certificates and their respective sub-certificates
+/// Note: non self-signed roots and cross-signed certificates are not supported now
 class X509CertificateHierarchy {
 public:
 const std::vector& get_hierarchy() const {
diff --git a/include/evse_security/evse_security.hpp b/include/evse_security/evse_security.hpp
index 45ed8d3..1d3b3e8 100644
--- a/include/evse_security/evse_security.hpp
+++ b/include/evse_security/evse_security.hpp
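Review bot: The note added above `class X509CertificateHierarchy` says which inputs are unsupported but not what the builder does with them, and that is what a caller needs to know: whether a trust anchor that is not self-signed, or a cross-signed intermediate, is rejected when the hierarchy is built or silently left out of it, since a silently dropped anchor surfaces only later as a chain-validation failure far from its cause. Which of the two it is cannot be told from this hunk, so the note should state it explicitly, e.g. `/// Note: roots are assumed to be self-signed. Roots that are not self-signed and cross-signed chains (used for root transitions) are not supported and are <rejected or ignored - state which>.` The wording should also agree with the README hunk in this commit, which reads "self-signed roots are possible, but not supported" and appears to have lost the word "non". The same applies to the line added in the evse_security.hpp hunk at +208. The class body continues outside the hunk.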
@@ -208,6 +208,7 @@ class EvseSecurity {
 /// will return:
 /// ROOT_V2G_Hubject->SUB_CA1->SUB_CA2->Leaf_Valid_B +
 /// ROOT_V2G_OtherProvider->SUB_CA_O1->SUB_CA_O2->Leav_Valid_A
+ /// Note: non self-signed roots and cross-signed certificates are not supported
 /// @param certificate_type type of leaf certificate that we start the search from
 /// @param encoding specifies PEM or DER format
 /// @param include_ocsp if OCSP data should be included