Add pathLen support toWolfSSLCertificate/WolfSSLCertRequest addExtension()#341
Merged
rlm2002 merged 1 commit intowolfSSL:masterfrom Mar 18, 2026
Merged
Add pathLen support toWolfSSLCertificate/WolfSSLCertRequest addExtension()#341rlm2002 merged 1 commit intowolfSSL:masterfrom
WolfSSLCertificate/WolfSSLCertRequest addExtension()#341rlm2002 merged 1 commit intowolfSSL:masterfrom
Conversation
cconlon
changed the title
WolfSSLCertificate/WolfSSLCertRequest addExtension()WolfSSLCertificate/WolfSSLCertRequest addExtension()
There was a problem hiding this comment.
Pull request overview
Adds Basic Constraints pathLenConstraint support to the Java certificate/CSR extension APIs, bridging through JNI into wolfSSL (with compile-time guards for wolfSSL versions lacking the required upstream fixes).
Changes:
- Added
addExtension(int nid, boolean value, int pathLen, boolean isCritical)overloads toWolfSSLCertificateandWolfSSLCertRequest; legacy 3-arg overload delegates withpathLen = -1. - Extended JNI/native implementations to accept a
pathLenparameter and attempt to encode it into Basic Constraints. - Added JUnit coverage for valid/invalid
pathLenand a DER round-trip test for generated certificates.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| src/java/com/wolfssl/WolfSSLCertificate.java | Adds new Basic Constraints overload and updates native call + error handling. |
| src/java/com/wolfssl/WolfSSLCertRequest.java | Adds new Basic Constraints overload and updates native call + error handling. |
| native/com_wolfssl_WolfSSLCertificate.h | Updates JNI signature for boolean-extension native method. |
| native/com_wolfssl_WolfSSLCertificate.c | Implements pathLen handling and version guard in native Basic Constraints setter. |
| native/com_wolfssl_WolfSSLCertRequest.h | Updates JNI signature for boolean-extension native method. |
| native/com_wolfssl_WolfSSLCertRequest.c | Implements pathLen handling and version guard in native Basic Constraints setter. |
| src/test/com/wolfssl/test/WolfSSLCertificateTest.java | Adds extension-setter coverage and DER round-trip generation test for pathLen. |
| src/test/com/wolfssl/test/WolfSSLCertRequestTest.java | Adds CSR extension-setter tests for pathLen and invalid inputs. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
rlm2002
reviewed
Mar 13, 2026
Member
Author
|
Will rebase once #343 gets in. |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 8 out of 8 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
rlm2002
approved these changes
Mar 18, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds an
addExtension(int nid, boolean value, int pathLen, boolean isCritical)overload toWolfSSLCertificateandWolfSSLCertRequestfor setting Basic Constraints with a path length constraint.Existing 3-arg
addExtension(nid, boolean, boolean)now delegates to the new method withpathLen=-1to avoid code duplication.This is version guarded with
WOLFSSL_PR9940_PATCH_APPLIEDfor wolfSSL users <= 5.8.4 who don't have the fixes made in wolfSSL/wolfssl#9940, unless a patch is applied for that PR diff.Basic JUnit tests are included as well for regression prevention.