fix: Allow single cert in X.509 credentials

wireapp · Jan 19, 2024 · 92a2a1c · 92a2a1c
1 parent 19c3d7a
commit 92a2a1c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/openmls/src/credentials/errors.rs b/openmls/src/credentials/errors.rs
@@ -18,7 +18,7 @@ pub enum CredentialError {
     #[error("Invalid signature.")]
     InvalidSignature,
     /// Incomplete x509 certificate chain
-    #[error("x509 certificate chain is either empty or contains a single self-signed certificate which is not allowed.")]
+    #[error("x509 certificate chain is empty")]
     IncompleteCertificateChain,
     /// Failed to decode certificate data
     #[error("Failed to decode certificate data: {0}")]

diff --git a/x509_credential/src/lib.rs b/x509_credential/src/lib.rs
@@ -22,7 +22,7 @@ impl CertificateKeyPair {
     /// Constructs the `CertificateKeyPair` from a private key and a der encoded
     /// certificate chain
     pub fn new(sk: Vec<u8>, cert_chain: Vec<Vec<u8>>) -> Result<Self, CryptoError> {
-        if cert_chain.len() < 2 {
+        if cert_chain.is_empty() {
             return Err(CryptoError::IncompleteCertificateChain);
         }
         let pki_path = cert_chain.into_iter().try_fold(