don't allow mismatched curves

2026-02-15 17:24:23 +01:00 · 2026-02-06 14:13:55 -06:00
parent 8c828b3cae
commit 9546cf0aec
2 changed files with 5 additions and 0 deletions
--- a/cert/ca_pool.go
+++ b/cert/ca_pool.go
@@ -190,6 +190,10 @@ func (ncp *CAPool) verify(c Certificate, now time.Time, certFp string, signerFp
 		return nil, err
 	}

+	if signer.Certificate.Curve() != c.Curve() {
+		return nil, ErrCurveMismatch
+	}
+
 	if signer.Certificate.Expired(now) {
 		return nil, ErrRootExpired
 	}